tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'aosp/upstream-master' into mymege am: 97f1ad6591

Browse source 
am: a36f6bc864

Change-Id: I18109119153be66b3818830c083a9cae2fec55ad
This commit is contained in:
Nick Kralevich 2019-06-21 12:27:31 -07:00 committed by android-build-merger
commit 82a225fbcd
56 changed files with 472 additions and 760 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

159
checkpolicy/policy_define.c
View file

@ -1210,10 +1210,7 @@ int expand_attrib(void)
flags = TYPE_FLAGS_EXPAND_ATTR_FALSE;
}
ebitmap_for_each_bit(&attrs, node, i) {
if (!ebitmap_node_get_bit(node, i)){
continue;
}
ebitmap_for_each_positive_bit(&attrs, node, i) {
attr = hashtab_search(policydbp->p_types.table,
policydbp->sym_val_to_name[SYM_TYPES][i]);
attr->flags |= flags;
@ -1673,19 +1670,17 @@ int define_compute_type_helper(int which, avrule_t ** rule)
}
free(id);
ebitmap_for_each_bit(&tclasses, node, i) {
if (ebitmap_node_get_bit(node, i)) {
perm = malloc(sizeof(class_perm_node_t));
if (!perm) {
yyerror("out of memory");
goto bad;
}
class_perm_node_init(perm);
perm->tclass = i + 1;
perm->data = datum->s.value;
perm->next = avrule->perms;
avrule->perms = perm;
ebitmap_for_each_positive_bit(&tclasses, node, i) {
perm = malloc(sizeof(class_perm_node_t));
if (!perm) {
yyerror("out of memory");
goto bad;
}
class_perm_node_init(perm);
perm->tclass = i + 1;
perm->data = datum->s.value;
perm->next = avrule->perms;
avrule->perms = perm;
}
ebitmap_destroy(&tclasses);
@ -2101,9 +2096,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
perms = NULL;
id = queue_head(id_queue);
ebitmap_for_each_bit(&tclasses, node, i) {
if (!ebitmap_node_get_bit(node, i))
continue;
ebitmap_for_each_positive_bit(&tclasses, node, i) {
cur_perms =
(class_perm_node_t *) malloc(sizeof(class_perm_node_t));
if (!cur_perms) {
@ -2565,9 +2558,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
goto out;
perms = NULL;
ebitmap_for_each_bit(&tclasses, node, i) {
if (!ebitmap_node_get_bit(node, i))
continue;
ebitmap_for_each_positive_bit(&tclasses, node, i) {
cur_perms =
(class_perm_node_t *) malloc(sizeof(class_perm_node_t));
if (!cur_perms) {
@ -2586,9 +2577,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
while ((id = queue_remove(id_queue))) {
cur_perms = perms;
ebitmap_for_each_bit(&tclasses, node, i) {
if (!ebitmap_node_get_bit(node, i))
continue;
ebitmap_for_each_positive_bit(&tclasses, node, i) {
cladatum = policydbp->class_val_to_struct[i];
if (strcmp(id, "*") == 0) {
@ -2930,17 +2919,13 @@ static int dominate_role_recheck(hashtab_key_t key __attribute__ ((unused)),
return -1;
}
/* raise types and dominates from dominated role */
ebitmap_for_each_bit(&rdp->dominates, node, i) {
if (ebitmap_node_get_bit(node, i))
if (ebitmap_set_bit
(&rdatum->dominates, i, TRUE))
goto oom;
ebitmap_for_each_positive_bit(&rdp->dominates, node, i) {
if (ebitmap_set_bit(&rdatum->dominates, i, TRUE))
goto oom;
}
ebitmap_for_each_bit(&types, node, i) {
if (ebitmap_node_get_bit(node, i))
if (ebitmap_set_bit
(&rdatum->types.types, i, TRUE))
goto oom;
ebitmap_for_each_positive_bit(&types, node, i) {
if (ebitmap_set_bit(&rdatum->types.types, i, TRUE))
goto oom;
}
ebitmap_destroy(&types);
}
@ -3018,20 +3003,17 @@ role_datum_t *define_role_dom(role_datum_t * r)
if (r) {
ebitmap_t types;
ebitmap_init(&types);
ebitmap_for_each_bit(&r->dominates, node, i) {
if (ebitmap_node_get_bit(node, i))
if (ebitmap_set_bit(&role->dominates, i, TRUE))
goto oom;
ebitmap_for_each_positive_bit(&r->dominates, node, i) {
if (ebitmap_set_bit(&role->dominates, i, TRUE))
goto oom;
}
if (type_set_expand(&r->types, &types, policydbp, 1)) {
ebitmap_destroy(&types);
return NULL;
}
ebitmap_for_each_bit(&types, node, i) {
if (ebitmap_node_get_bit(node, i))
if (ebitmap_set_bit
(&role->types.types, i, TRUE))
goto oom;
ebitmap_for_each_positive_bit(&types, node, i) {
if (ebitmap_set_bit(&role->types.types, i, TRUE))
goto oom;
}
ebitmap_destroy(&types);
if (!r->s.value) {
@ -3214,15 +3196,9 @@ int define_role_trans(int class_specified)
if (type_set_expand(&types, &e_types, policydbp, 1))
goto bad;
ebitmap_for_each_bit(&e_roles, rnode, i) {
if (!ebitmap_node_get_bit(rnode, i))
continue;
ebitmap_for_each_bit(&e_types, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_bit(&e_classes, cnode, k) {
if (!ebitmap_node_get_bit(cnode, k))
continue;
ebitmap_for_each_positive_bit(&e_roles, rnode, i) {
ebitmap_for_each_positive_bit(&e_types, tnode, j) {
ebitmap_for_each_positive_bit(&e_classes, cnode, k) {
for (tr = policydbp->role_tr; tr;
tr = tr->next) {
if (tr->role == (i + 1) &&
@ -3410,16 +3386,9 @@ int define_filename_trans(void)
if (type_set_expand(&ttypes, &e_ttypes, policydbp, 1))
goto bad;
ebitmap_for_each_bit(&e_tclasses, cnode, c) {
if (!ebitmap_node_get_bit(cnode, c))
continue;
ebitmap_for_each_bit(&e_stypes, snode, s) {
if (!ebitmap_node_get_bit(snode, s))
continue;
ebitmap_for_each_bit(&e_ttypes, tnode, t) {
if (!ebitmap_node_get_bit(tnode, t))
continue;
ebitmap_for_each_positive_bit(&e_tclasses, cnode, c) {
ebitmap_for_each_positive_bit(&e_stypes, snode, s) {
ebitmap_for_each_positive_bit(&e_ttypes, tnode, t) {
ft = calloc(1, sizeof(*ft));
if (!ft) {
yyerror("out of memory");
@ -3652,39 +3621,36 @@ int define_constraint(constraint_expr_t * expr)
}
while ((id = queue_remove(id_queue))) {
ebitmap_for_each_bit(&classmap, enode, i) {
if (ebitmap_node_get_bit(enode, i)) {
cladatum = policydbp->class_val_to_struct[i];
node = cladatum->constraints;
ebitmap_for_each_positive_bit(&classmap, enode, i) {
cladatum = policydbp->class_val_to_struct[i];
node = cladatum->constraints;
perdatum =
(perm_datum_t *) hashtab_search(cladatum->
permissions.
table,
(hashtab_key_t)
id);
if (!perdatum) {
if (cladatum->comdatum) {
perdatum =
(perm_datum_t *)
hashtab_search(cladatum->
comdatum->
permissions.
table,
(hashtab_key_t)
id);
}
if (!perdatum) {
yyerror2("permission %s is not"
" defined", id);
free(id);
ebitmap_destroy(&classmap);
return -1;
}
perdatum =
(perm_datum_t *) hashtab_search(cladatum->
permissions.
table,
(hashtab_key_t)
id);
if (!perdatum) {
if (cladatum->comdatum) {
perdatum =
(perm_datum_t *)
hashtab_search(cladatum->
comdatum->
permissions.
table,
(hashtab_key_t)
id);
}
if (!perdatum) {
yyerror2("permission %s is not"
" defined", id);
free(id);
ebitmap_destroy(&classmap);
return -1;
}
node->permissions |=
(1 << (perdatum->s.value - 1));
}
node->permissions |= (1 << (perdatum->s.value - 1));
}
free(id);
}
@ -4179,10 +4145,9 @@ static int set_user_roles(role_set_t * set, char *id)
}
/* set the role and every role it dominates */
ebitmap_for_each_bit(&r->dominates, node, i) {
if (ebitmap_node_get_bit(node, i))
if (ebitmap_set_bit(&set->roles, i, TRUE))
goto oom;
ebitmap_for_each_positive_bit(&r->dominates, node, i) {
if (ebitmap_set_bit(&set->roles, i, TRUE))
goto oom;
}
free(id);
return 0;

21
checkpolicy/ru/checkpolicy.8
View file

@ -3,7 +3,7 @@
checkpolicy \- компилятор политики SELinux
.SH ОБЗОР
.B checkpolicy
.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
.br
.SH "ОПИСАНИЕ"
Эта страница руководства содержит описание команды
@ -17,30 +17,33 @@ checkpolicy \- компилятор политики SELinux
.B \-b,\-\-binary
Прочитать существующий двоичный файл политики, а не исходный файл policy.conf.
.TP
.B \-F,\-\-conf
Записать файл policy.conf, а не двоичный файл политики. Этот параметр можно использовать только при работе с двоичным файлом политики.
.TP
.B \-C,\-\-cil
Записать файл политики CIL, а не двоичный файл политики.
.TP
.B \-d,\-\-debug
Войти в режим отладки после загрузки политики.
.TP
.B \-F,\-\-conf
Записать файл policy.conf, а не двоичный файл политики. Этот параметр можно использовать только при работе с двоичным файлом политики.
.B \-U,\-\-handle-unknown <action>
Указать, как ядро должно обрабатывать неизвестные классы или разрешения (запрещать, разрешать или отклонять).
.TP
.B \-M,\-\-mls
Включить политику MLS при проверке и компиляции политики.
.TP
.B \-o,\-\-output filename
Записать двоичный файл политики с указанным именем файла.
.TP
.B \-c policyvers
Указать версию политики (по умолчанию используется последняя).
.TP
.B \-o,\-\-output filename
Записать двоичный файл политики с указанным именем файла.
.TP
.B \-S,\-\-sort
Сортировать прочие контексты (ocontexts) перед записью двоичной политики. Этот параметр позволяет задать соответствие вывода checkpolicy двоичным политикам, созданным с помощью semanage и secilc.
.TP
.B \-t,\-\-target
Указать целевую платформу (selinux или xen).
.TP
.B \-U,\-\-handle-unknown <action>
Указать, как ядро должно обрабатывать неизвестные классы или разрешения (запрещать, разрешать или отклонять).
.TP
.B \-V,\-\-version
Показать сведения о версии.
.TP

14
checkpolicy/test/dismod.c
View file

@ -825,15 +825,13 @@ static void display_policycaps(policydb_t * p, FILE * fp)
unsigned int i;
fprintf(fp, "policy capabilities:\n");
ebitmap_for_each_bit(&p->policycaps, node, i) {
if (ebitmap_node_get_bit(node, i)) {
capname = sepol_polcap_getname(i);
if (capname == NULL) {
snprintf(buf, sizeof(buf), "unknown (%d)", i);
capname = buf;
}
fprintf(fp, "\t%s\n", capname);
ebitmap_for_each_positive_bit(&p->policycaps, node, i) {
capname = sepol_polcap_getname(i);
if (capname == NULL) {
snprintf(buf, sizeof(buf), "unknown (%d)", i);
capname = buf;
}
fprintf(fp, "\t%s\n", capname);
}
}

24
checkpolicy/test/dispol.c
View file

@ -282,15 +282,13 @@ static void display_policycaps(policydb_t * p, FILE * fp)
unsigned int i;
fprintf(fp, "policy capabilities:\n");
ebitmap_for_each_bit(&p->policycaps, node, i) {
if (ebitmap_node_get_bit(node, i)) {
capname = sepol_polcap_getname(i);
if (capname == NULL) {
snprintf(buf, sizeof(buf), "unknown (%d)", i);
capname = buf;
}
fprintf(fp, "\t%s\n", capname);
ebitmap_for_each_positive_bit(&p->policycaps, node, i) {
capname = sepol_polcap_getname(i);
if (capname == NULL) {
snprintf(buf, sizeof(buf), "unknown (%d)", i);
capname = buf;
}
fprintf(fp, "\t%s\n", capname);
}
}
@ -307,12 +305,10 @@ static void display_permissive(policydb_t *p, FILE *fp)
unsigned int i;
fprintf(fp, "permissive sids:\n");
ebitmap_for_each_bit(&p->permissive_map, node, i) {
if (ebitmap_node_get_bit(node, i)) {
fprintf(fp, "\t");
display_id(p, fp, SYM_TYPES, i - 1, "");
fprintf(fp, "\n");
}
ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
fprintf(fp, "\t");
display_id(p, fp, SYM_TYPES, i - 1, "");
fprintf(fp, "\n");
}
}

10
libselinux/src/audit2why.c
View file

@ -291,7 +291,7 @@ static int __policy_init(const char *init_path)
static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
int result;
char *init_path=NULL;
char *init_path = NULL;
if (avc) {
PyErr_SetString( PyExc_RuntimeError, "init called multiple times");
return NULL;
@ -322,7 +322,7 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
sepol_access_vector_t perm, av;
struct sepol_av_decision avd;
int rc;
int i=0;
int i = 0;
if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))
return NULL;
@ -353,7 +353,7 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
/* iterate over items of the list, grabbing strings, and parsing
for numbers */
for (i=0; i<numlines; i++){
for (i = 0; i < numlines; i++){
const char *permstr;
/* grab the string object from the next element of the list */
@ -395,13 +395,13 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
} else {
PyObject *outboollist;
struct boolean_t *b = bools;
int len=0;
int len = 0;
while (b->name) {
len++; b++;
}
b = bools;
outboollist = PyList_New(len);
len=0;
len = 0;
while(b->name) {
PyObject *bool_ = Py_BuildValue("(si)", b->name, b->active);
PyList_SetItem(outboollist, len++, bool_);

4
libselinux/src/booleans.c
View file

@ -125,10 +125,10 @@ char *selinux_boolean_sub(const char *name)
dst++;
if (!*dst)
continue;
ptr=dst;
ptr = dst;
while (*ptr && !isspace(*ptr))
ptr++;
*ptr='\0';
*ptr = '\0';
sub = strdup(dst);

4
libselinux/src/init.c
View file

@ -83,8 +83,8 @@ hidden_def(selinuxfs_exists)
static void init_selinuxmnt(void)
{
char *buf=NULL, *p;
FILE *fp=NULL;
char *buf = NULL, *p;
FILE *fp = NULL;
size_t len;
ssize_t num;

8
libselinux/src/label_file.c
View file

@ -635,10 +635,10 @@ static int selabel_subs_init(const char *path, struct selabel_digest *digest,
dst = ptr;
while (*dst && isspace(*dst))
dst++;
ptr=dst;
ptr = dst;
while (*ptr && ! isspace(*ptr))
ptr++;
*ptr='\0';
*ptr = '\0';
if (! *dst)
continue;
@ -647,11 +647,11 @@ static int selabel_subs_init(const char *path, struct selabel_digest *digest,
goto err;
memset(sub, 0, sizeof(*sub));
sub->src=strdup(src);
sub->src = strdup(src);
if (! sub->src)
goto err;
sub->dst=strdup(dst);
sub->dst = strdup(dst);
if (! sub->dst)
goto err;

6
libselinux/src/mapping.c
View file

@ -143,7 +143,7 @@ unmap_perm(security_class_t tclass, access_vector_t tperm)
unsigned i;
access_vector_t kperm = 0;
for (i=0; i<current_mapping[tclass].num_perms; i++)
for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (tperm & (1<<i)) {
kperm |= current_mapping[tclass].perms[i];
tperm &= ~(1<<i);
@ -169,7 +169,7 @@ map_class(security_class_t kclass)
{
security_class_t i;
for (i=0; i<current_mapping_size; i++)
for (i = 0; i < current_mapping_size; i++)
if (current_mapping[i].value == kclass)
return i;
@ -189,7 +189,7 @@ map_perm(security_class_t tclass, access_vector_t kperm)
unsigned i;
access_vector_t tperm = 0;
for (i=0; i<current_mapping[tclass].num_perms; i++)
for (i = 0; i < current_mapping[tclass].num_perms; i++)
if (kperm & current_mapping[tclass].perms[i]) {
tperm |= 1<<i;
kperm &= ~current_mapping[tclass].perms[i];

2
libselinux/src/matchpathcon.c
View file

@ -414,7 +414,7 @@ int realpath_not_final(const char *name, char *resolved_path)
if (len + strlen(last_component) + 2 > PATH_MAX) {
myprintf("symlink_realpath(%s) failed: Filename too long \n",
name);
errno=ENAMETOOLONG;
errno = ENAMETOOLONG;
rc = -1;
goto out;
}

2
libselinux/src/seusers.c
View file

@ -274,7 +274,7 @@ int getseuser(const char *username, const char *service,
char *buffer = NULL;
size_t size = 0;
char *rec = NULL;
char *path=NULL;
char *path = NULL;
FILE *fp = NULL;
if (asprintf(&path,"%s/logins/%s", selinux_policy_root(), username) < 0)
goto err;

24
libselinux/src/sha1.c
View file

@ -78,7 +78,7 @@ void
CHAR64LONG16 workspace;
CHAR64LONG16* block = &workspace;
memcpy( block, buffer, 64 );
memcpy(block, buffer, 64);
// Copy context->state[] to working vars
a = state[0];
@ -160,18 +160,18 @@ void hidden
uint32_t j;
j = (Context->Count[0] >> 3) & 63;
if( (Context->Count[0] += BufferSize << 3) < (BufferSize << 3) )
if ((Context->Count[0] += BufferSize << 3) < (BufferSize << 3))
{
Context->Count[1]++;
}
Context->Count[1] += (BufferSize >> 29);
if( (j + BufferSize) > 63 )
if ((j + BufferSize) > 63)
{
i = 64 - j;
memcpy( &Context->Buffer[j], Buffer, i );
memcpy(&Context->Buffer[j], Buffer, i);
TransformFunction(Context->State, Context->Buffer);
for( ; i + 63 < BufferSize; i += 64 )
for (; i + 63 < BufferSize; i += 64)
{
TransformFunction(Context->State, (uint8_t*)Buffer + i);
}
@ -182,7 +182,7 @@ void hidden
i = 0;
}
memcpy( &Context->Buffer[j], &((uint8_t*)Buffer)[i], BufferSize - i );
memcpy(&Context->Buffer[j], &((uint8_t*)Buffer)[i], BufferSize - i);
}
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@ -201,19 +201,19 @@ void hidden
uint32_t i;
uint8_t finalcount[8];
for( i=0; i<8; i++ )
for (i = 0; i < 8; i++)
{
finalcount[i] = (unsigned char)((Context->Count[(i >= 4 ? 0 : 1)]
>> ((3-(i & 3)) * 8) ) & 255); // Endian independent
}
Sha1Update( Context, (uint8_t*)"\x80", 1 );
while( (Context->Count[0] & 504) != 448 )
Sha1Update(Context, (uint8_t*)"\x80", 1);
while ((Context->Count[0] & 504) != 448)
{
Sha1Update( Context, (uint8_t*)"\0", 1 );
Sha1Update(Context, (uint8_t*)"\0", 1);
}
Sha1Update( Context, finalcount, 8 ); // Should cause a Sha1TransformFunction()
for( i=0; i<SHA1_HASH_SIZE; i++ )
Sha1Update(Context, finalcount, 8); // Should cause a Sha1TransformFunction()
for (i = 0; i < SHA1_HASH_SIZE; i++)
{
Digest->bytes[i] = (uint8_t)((Context->State[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
}

6
libselinux/src/stringrep.c
View file

@ -147,7 +147,7 @@ static struct discover_class_node * discover_class(const char *s)
err4:
closedir(dir);
for (i=0; i<MAXVECTORS; i++)
for (i = 0; i < MAXVECTORS; i++)
free(node->perms[i]);
err3:
free(node->name);
@ -214,7 +214,7 @@ security_class_t mode_to_security_class(mode_t m) {
if (S_ISSOCK(m))
return string_to_security_class("sock_file");
errno=EINVAL;
errno = EINVAL;
return 0;
}
@ -226,7 +226,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
node = get_class_cache_entry_value(kclass);
if (node != NULL) {
size_t i;
for (i=0; i<MAXVECTORS && node->perms[i] != NULL; i++)
for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
if (strcmp(node->perms[i],s) == 0)
return map_perm(tclass, 1<<i);
}

4
libselinux/utils/avcstat.c
View file

@ -116,7 +116,7 @@ int main(int argc, char **argv)
case 'h':
case '-':
usage();
exit(0);
exit(EXIT_SUCCESS);
default:
usage();
die("unrecognized parameter '%c'", i);
@ -133,7 +133,7 @@ int main(int argc, char **argv)
}
if (n == 0) {
usage();
exit(0);
exit(EXIT_SUCCESS);
}
interval = n;
}

2
libselinux/utils/compute_av.c
View file

@ -51,5 +51,5 @@ int main(int argc, char **argv)
printf("\n");
}
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/compute_create.c
View file

@ -32,5 +32,5 @@ int main(int argc, char **argv)
printf("%s\n", buf);
freecon(buf);
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/compute_member.c
View file

@ -32,5 +32,5 @@ int main(int argc, char **argv)
printf("%s\n", buf);
freecon(buf);
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/compute_relabel.c
View file

@ -32,5 +32,5 @@ int main(int argc, char **argv)
printf("%s\n", buf);
freecon(buf);
exit(0);
exit(EXIT_SUCCESS);
}

4
libselinux/utils/compute_user.c
View file

@ -27,12 +27,12 @@ int main(int argc, char **argv)
if (!buf[0]) {
printf("none\n");
exit(0);
exit(EXIT_SUCCESS);
}
for (ptr = buf; *ptr; ptr++) {
printf("%s\n", *ptr);
}
freeconary(buf);
exit(0);
exit(EXIT_SUCCESS);
}

5
libselinux/utils/getconlist.c
View file

@ -27,6 +27,11 @@ int main(int argc, char **argv)
switch (opt) {
case 'l':
level = strdup(optarg);
if (!level) {
fprintf(stderr, "memory allocation failure: %d(%s)\n",
errno, strerror(errno));
return 3;
}
break;
default:
usage(argv[0], "invalid option", 1);

2
libselinux/utils/getfilecon.c
View file

@ -23,5 +23,5 @@ int main(int argc, char **argv)
printf("%s\t%s\n", argv[i], buf);
freecon(buf);
}
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/getpidcon.c
View file

@ -27,5 +27,5 @@ int main(int argc, char **argv)
printf("%s\n", buf);
freecon(buf);
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/getseuser.c
View file

@ -36,5 +36,5 @@ int main(int argc, char **argv)
for (i = 0; i < n; i++)
printf("Context %d\t%s\n", i, contextlist[i]);
freeconary(contextlist);
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/matchpathcon.c
View file

@ -25,7 +25,7 @@ static int printmatchpathcon(const char *path, int header, int mode)
int rc = matchpathcon(path, mode, &buf);
if (rc < 0) {
if (errno == ENOENT) {
buf=strdup("<<none>>");
buf = strdup("<<none>>");
} else {
fprintf(stderr, "matchpathcon(%s) failed: %s\n", path,
strerror(errno));

2
libselinux/utils/policyvers.c
View file

@ -14,5 +14,5 @@ int main(int argc __attribute__ ((unused)), char **argv)
}
printf("%d\n", rc);
exit(0);
exit(EXIT_SUCCESS);
}

2
libselinux/utils/setfilecon.c
View file

@ -20,5 +20,5 @@ int main(int argc, char **argv)
exit(2);
}
}
exit(0);
exit(EXIT_SUCCESS);
}

2
libsemanage/src/direct_api.c
View file

@ -517,7 +517,7 @@ ssize_t bunzip(semanage_handle_t *sh, FILE *f, char **data)
size_t size = 1<<18;
size_t bufsize = size;
int bzerror;
size_t total=0;
size_t total = 0;
char* uncompress = NULL;
char* tmpalloc = NULL;
int ret = -1;

2
libsemanage/src/modules.c
View file

@ -1130,7 +1130,7 @@ int semanage_module_install_info(semanage_handle_t *sh,
int semanage_module_remove_key(semanage_handle_t *sh,
const semanage_module_key_t *modkey)
{
if (sh->funcs->remove_key== NULL) {
if (sh->funcs->remove_key == NULL) {
ERR(sh,
"No remove key function defined for this connection type.");
return -1;

2
libsemanage/src/seusers_local.c
View file

@ -133,7 +133,7 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
semanage_seuser_t *new = NULL;
if (!sename) {
errno=EINVAL;
errno = EINVAL;
return -1;
}
rc = semanage_seuser_clone(handle, data, &new);

4
libsemanage/src/users_local.c
View file

@ -38,7 +38,7 @@ static int lookup_seuser(semanage_handle_t * handle, const semanage_user_key_t *
semanage_seuser_list_local(handle,
&records,
&count);
for(i=0; i<count; i++) {
for(i = 0; i < count; i++) {
sename = semanage_seuser_get_sename(records[i]);
if (strcmp(name, sename) == 0) {
errno = EINVAL;
@ -47,7 +47,7 @@ static int lookup_seuser(semanage_handle_t * handle, const semanage_user_key_t *
rc = -1;
}
}
for(i=0; i<count; i++)
for(i = 0; i < count; i++)
semanage_seuser_free(records[i]);
free(records);
semanage_user_free(user);

107
libsepol/cil/src/cil_binary.c
View file

@ -441,9 +441,7 @@ int cil_roletype_to_policydb(policydb_t *pdb, const struct cil_db *db, struct ci
rc = __cil_get_sepol_role_datum(pdb, DATUM(role), &sepol_role);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(role->types, tnode, i) {
if (!ebitmap_get_bit(role->types, i)) continue;
ebitmap_for_each_positive_bit(role->types, tnode, i) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
if (rc != SEPOL_OK) goto exit;
@ -652,9 +650,7 @@ int cil_typeattribute_to_bitmap(policydb_t *pdb, const struct cil_db *db, struct
value = sepol_type->s.value;
ebitmap_for_each_bit(cil_attr->types, tnode, i) {
if (!ebitmap_get_bit(cil_attr->types, i)) continue;
ebitmap_for_each_positive_bit(cil_attr->types, tnode, i) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
if (rc != SEPOL_OK) goto exit;
@ -748,11 +744,7 @@ int cil_userrole_to_policydb(policydb_t *pdb, const struct cil_db *db, struct ci
goto exit;
}
ebitmap_for_each_bit(user->roles, rnode, i) {
if (!ebitmap_get_bit(user->roles, i)) {
continue;
}
ebitmap_for_each_positive_bit(user->roles, rnode, i) {
rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_role);
if (rc != SEPOL_OK) {
goto exit;
@ -1105,15 +1097,11 @@ int __cil_type_rule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct ci
rc = __cil_get_sepol_type_datum(pdb, DATUM(cil_rule->result), &sepol_result);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&src_bitmap, node1, i) {
if (!ebitmap_get_bit(&src_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, node1, i) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&tgt_bitmap, node2, j) {
if (!ebitmap_get_bit(&tgt_bitmap, j)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, node2, j) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
if (rc != SEPOL_OK) goto exit;
@ -1182,15 +1170,11 @@ int __cil_typetransition_to_avtab(policydb_t *pdb, const struct cil_db *db, stru
rc = __cil_get_sepol_type_datum(pdb, DATUM(typetrans->result), &sepol_result);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&src_bitmap, node1, i) {
if (!ebitmap_get_bit(&src_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, node1, i) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&tgt_bitmap, node2, j) {
if (!ebitmap_get_bit(&tgt_bitmap, j)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, node2, j) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
if (rc != SEPOL_OK) goto exit;
@ -1475,9 +1459,7 @@ int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_a
goto exit;
}
ebitmap_for_each_bit(&src_bitmap, snode, s) {
if (!ebitmap_get_bit(&src_bitmap, s)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, snode, s) {
src = DATUM(db->val_to_type[s]);
rc = __cil_avrule_expand(pdb, kind, src, src, classperms, cond_node, cond_flavor);
if (rc != SEPOL_OK) {
@ -1506,11 +1488,9 @@ int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_a
goto exit;
}
ebitmap_for_each_bit(&src_bitmap, snode, s) {
if (!ebitmap_get_bit(&src_bitmap, s)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, snode, s) {
src = DATUM(db->val_to_type[s]);
ebitmap_for_each_bit(&tgt_bitmap, tnode, t) {
if (!ebitmap_get_bit(&tgt_bitmap, t)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, tnode, t) {
tgt = DATUM(db->val_to_type[t]);
rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
@ -1529,8 +1509,7 @@ int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_a
goto exit;
}
ebitmap_for_each_bit(&src_bitmap, snode, s) {
if (!ebitmap_get_bit(&src_bitmap, s)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, snode, s) {
src = DATUM(db->val_to_type[s]);
rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
@ -1546,8 +1525,7 @@ int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struct cil_a
goto exit;
}
ebitmap_for_each_bit(&tgt_bitmap, tnode, t) {
if (!ebitmap_get_bit(&tgt_bitmap, t)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, tnode, t) {
tgt = DATUM(db->val_to_type[t]);
rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor);
@ -1619,9 +1597,7 @@ int __cil_permx_bitmap_to_sepol_xperms_list(ebitmap_t *xperms, struct cil_list *
start_new_range = 1;
ebitmap_for_each_bit(xperms, node, i) {
if (!ebitmap_get_bit(xperms, i)) continue;
ebitmap_for_each_positive_bit(xperms, node, i) {
if (start_new_range) {
low = i;
start_new_range = 0;
@ -1852,9 +1828,7 @@ int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, struct ci
rc = __cil_expand_type(src, &src_bitmap);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&src_bitmap, snode, s) {
if (!ebitmap_get_bit(&src_bitmap, s)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, snode, s) {
src = DATUM(db->val_to_type[s]);
rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, src, cil_avrulex->perms.x.permx, args);
if (rc != SEPOL_OK) {
@ -1883,11 +1857,9 @@ int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, struct ci
goto exit;
}
ebitmap_for_each_bit(&src_bitmap, snode, s) {
if (!ebitmap_get_bit(&src_bitmap, s)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, snode, s) {
src = DATUM(db->val_to_type[s]);
ebitmap_for_each_bit(&tgt_bitmap, tnode, t) {
if (!ebitmap_get_bit(&tgt_bitmap, t)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, tnode, t) {
tgt = DATUM(db->val_to_type[t]);
rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
@ -1906,8 +1878,7 @@ int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, struct ci
goto exit;
}
ebitmap_for_each_bit(&src_bitmap, snode, s) {
if (!ebitmap_get_bit(&src_bitmap, s)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, snode, s) {
src = DATUM(db->val_to_type[s]);
rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
@ -1923,8 +1894,7 @@ int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, struct ci
goto exit;
}
ebitmap_for_each_bit(&tgt_bitmap, tnode, t) {
if (!ebitmap_get_bit(&tgt_bitmap, t)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, tnode, t) {
tgt = DATUM(db->val_to_type[t]);
rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args);
@ -2367,15 +2337,11 @@ int cil_roletrans_to_policydb(policydb_t *pdb, const struct cil_db *db, struct c
rc = __cil_get_sepol_role_datum(pdb, DATUM(roletrans->result), &sepol_result);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&role_bitmap, rnode, i) {
if (!ebitmap_get_bit(&role_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&role_bitmap, rnode, i) {
rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_src);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&type_bitmap, tnode, j) {
if (!ebitmap_get_bit(&type_bitmap, j)) continue;
ebitmap_for_each_positive_bit(&type_bitmap, tnode, j) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
if (rc != SEPOL_OK) goto exit;
@ -2444,15 +2410,11 @@ int cil_roleallow_to_policydb(policydb_t *pdb, const struct cil_db *db, struct c
rc = __cil_expand_role(roleallow->tgt, &tgt_bitmap);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&src_bitmap, node1, i) {
if (!ebitmap_get_bit(&src_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, node1, i) {
rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_src);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&tgt_bitmap, node2, j) {
if (!ebitmap_get_bit(&tgt_bitmap, j)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, node2, j) {
rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[j]), &sepol_tgt);
if (rc != SEPOL_OK) goto exit;
@ -2487,11 +2449,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
rc = __cil_expand_user(item->data, &user_bitmap);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&user_bitmap, unode, i) {
if (!ebitmap_get_bit(&user_bitmap, i)) {
continue;
}
ebitmap_for_each_positive_bit(&user_bitmap, unode, i) {
rc = __cil_get_sepol_user_datum(pdb, DATUM(db->val_to_user[i]), &sepol_user);
if (rc != SEPOL_OK) {
ebitmap_destroy(&user_bitmap);
@ -2513,9 +2471,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
rc = __cil_expand_role(item->data, &role_bitmap);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&role_bitmap, rnode, i) {
if (!ebitmap_get_bit(&role_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&role_bitmap, rnode, i) {
rc = __cil_get_sepol_role_datum(pdb, DATUM(db->val_to_role[i]), &sepol_role);
if (rc != SEPOL_OK) {
ebitmap_destroy(&role_bitmap);
@ -2557,9 +2513,7 @@ int __cil_constrain_expr_datum_to_sepol_expr(policydb_t *pdb, const struct cil_d
rc = __cil_expand_type(item->data, &type_bitmap);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&type_bitmap, tnode, i) {
if (!ebitmap_get_bit(&type_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&type_bitmap, tnode, i) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_type);
if (rc != SEPOL_OK) {
ebitmap_destroy(&type_bitmap);
@ -3156,15 +3110,11 @@ int cil_rangetransition_to_policydb(policydb_t *pdb, const struct cil_db *db, st
class_list = cil_expand_class(rangetrans->obj);
ebitmap_for_each_bit(&src_bitmap, node1, i) {
if (!ebitmap_get_bit(&src_bitmap, i)) continue;
ebitmap_for_each_positive_bit(&src_bitmap, node1, i) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[i]), &sepol_src);
if (rc != SEPOL_OK) goto exit;
ebitmap_for_each_bit(&tgt_bitmap, node2, j) {
if (!ebitmap_get_bit(&tgt_bitmap, j)) continue;
ebitmap_for_each_positive_bit(&tgt_bitmap, node2, j) {
rc = __cil_get_sepol_type_datum(pdb, DATUM(db->val_to_type[j]), &sepol_tgt);
if (rc != SEPOL_OK) goto exit;
@ -4493,8 +4443,7 @@ static int __cil_add_sepol_type(policydb_t *pdb, const struct cil_db *db, struct
ebitmap_node_t *tnode;
unsigned int i;
struct cil_typeattribute *attr = (struct cil_typeattribute *)datum;
ebitmap_for_each_bit(attr->types, tnode, i) {
if (!ebitmap_get_bit(attr->types, i)) continue;
ebitmap_for_each_positive_bit(attr->types, tnode, i) {
datum = DATUM(db->val_to_type[i]);
rc = __cil_get_sepol_type_datum(pdb, datum, &sepol_datum);
if (rc != SEPOL_OK) goto exit;

12
libsepol/cil/src/cil_policy.c
View file

@ -342,9 +342,7 @@ static size_t __cil_userattribute_len(struct cil_db *db, struct cil_userattribut
unsigned int i;
size_t len = 0;
ebitmap_for_each_bit(attr->users, unode, i) {
if (!ebitmap_get_bit(attr->users, i))
continue;
ebitmap_for_each_positive_bit(attr->users, unode, i) {
len += strlen(DATUM(db->val_to_user[i])->fqn);
len++;
}
@ -454,9 +452,7 @@ static char *__cil_userattribute_to_string(struct cil_db *db, struct cil_useratt
char *str;
size_t len;
ebitmap_for_each_bit(attr->users, unode, i) {
if (!ebitmap_get_bit(attr->users, i))
continue;
ebitmap_for_each_positive_bit(attr->users, unode, i) {
str = DATUM(db->val_to_user[i])->fqn;
len = strlen(str);
memcpy(new, str, len);
@ -1118,9 +1114,7 @@ static void cil_xperms_to_policy(FILE *out, struct cil_permissionx *permx)
fprintf(out, "%s %s {", DATUM(permx->obj)->fqn, kind);
ebitmap_for_each_bit(permx->perms, node, i) {
if (!ebitmap_get_bit(permx->perms, i))
continue;
ebitmap_for_each_positive_bit(permx->perms, node, i) {
if (need_first == CIL_TRUE) {
first = i;
need_first = CIL_FALSE;

12
libsepol/cil/src/cil_post.c
View file

@ -1654,13 +1654,9 @@ static int __cil_post_db_roletype_helper(struct cil_tree_node *node, uint32_t *f
ebitmap_node_t *rnode;
unsigned int i;
ebitmap_for_each_bit(attr->roles, rnode, i) {
ebitmap_for_each_positive_bit(attr->roles, rnode, i) {
struct cil_role *role = NULL;
if (!ebitmap_get_bit(attr->roles, i)) {
continue;
}
role = db->val_to_role[i];
rc = __cil_role_assign_types(role, type_datum);
@ -1751,11 +1747,7 @@ static int __cil_post_db_userrole_helper(struct cil_tree_node *node, uint32_t *f
if (user_node->flavor == CIL_USERATTRIBUTE) {
u_attr = userrole->user;
ebitmap_for_each_bit(u_attr->users, unode, i) {
if (!ebitmap_get_bit(u_attr->users, i)) {
continue;
}
ebitmap_for_each_positive_bit(u_attr->users, unode, i) {
user = db->val_to_user[i];
rc = __cil_user_assign_roles(user, role_datum);

4
libsepol/cil/src/cil_verify.c
View file

@ -221,8 +221,8 @@ int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_fl
cil_log(CIL_ERR, "l1, l2, h1, and h2 cannot be used on the left side with a string or list on the right side\n");
goto exit;
} else if (l_flavor == CIL_CONS_U3 || l_flavor == CIL_CONS_R3 || l_flavor == CIL_CONS_T3) {
if (expr_flavor != CIL_MLSVALIDATETRANS) {
cil_log(CIL_ERR, "u3, r3, and t3 can only be used with mlsvalidatetrans rules\n");
if (expr_flavor != CIL_VALIDATETRANS && expr_flavor != CIL_MLSVALIDATETRANS) {
cil_log(CIL_ERR, "u3, r3, and t3 can only be used with (mls)validatetrans rules\n");
goto exit;
}
}

3
libsepol/include/sepol/policydb/ebitmap.h
View file

@ -76,6 +76,9 @@ static inline int ebitmap_node_get_bit(ebitmap_node_t * n, unsigned int bit)
#define ebitmap_for_each_bit(e, n, bit) \
for (bit = ebitmap_start(e, &n); bit < ebitmap_length(e); bit = ebitmap_next(&n, bit)) \
#define ebitmap_for_each_positive_bit(e, n, bit) \
ebitmap_for_each_bit(e, n, bit) if (ebitmap_node_get_bit(n, bit)) \
extern int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2);
extern int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2);
extern int ebitmap_union(ebitmap_t * dst, const ebitmap_t * e1);

34
libsepol/src/assertion.c
View file

@ -157,12 +157,8 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle,
memcpy(&tmp_key, k, sizeof(avtab_key_t));
tmp_key.specified = AVTAB_XPERMS_ALLOWED;
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
ebitmap_for_each_positive_bit(tattr, tnode, j) {
tmp_key.source_type = i + 1;
tmp_key.target_type = j + 1;
for (node = avtab_search_node(avtab, &tmp_key);
@ -270,13 +266,8 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void
continue;
}
ebitmap_for_each_bit(&src_matches, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(&tgt_matches, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(&src_matches, snode, i) {
ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) {
a->errors += report_assertion_extended_permissions(handle,p, avrule,
i, j, cp, perms, k, avtab);
@ -345,12 +336,8 @@ static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t
memcpy(&tmp_key, k, sizeof(avtab_key_t));
tmp_key.specified = AVTAB_XPERMS_ALLOWED;
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
ebitmap_for_each_positive_bit(tattr, tnode, j) {
tmp_key.source_type = i + 1;
tmp_key.target_type = j + 1;
for (node = avtab_search_node(avtab, &tmp_key);
@ -437,13 +424,8 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
for (cp = avrule->perms; cp; cp = cp->next) {
if (cp->tclass != k->target_class)
continue;
ebitmap_for_each_bit(&src_matches, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(&tgt_matches, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(&src_matches, snode, i) {
ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
ret = check_assertion_extended_permissions_avtab(
avrule, avtab, i, j, k, p);
if (ret)

189
libsepol/src/expand.c
View file

@ -62,9 +62,7 @@ static int map_ebitmap(ebitmap_t * src, ebitmap_t * dst, uint32_t * map)
ebitmap_node_t *tnode;
ebitmap_init(dst);
ebitmap_for_each_bit(src, tnode, i) {
if (!ebitmap_node_get_bit(tnode, i))
continue;
ebitmap_for_each_positive_bit(src, tnode, i) {
if (!map[i])
continue;
if (ebitmap_set_bit(dst, map[i] - 1, 1))
@ -771,25 +769,23 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
}
ebitmap_destroy(&mapped_roles);
ebitmap_for_each_bit(&role->roles, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
/* take advantage of sym_val_to_name[]
* of the base module */
base_reg_role_id = state->base->p_role_val_to_name[i];
regular_role = (role_datum_t *)hashtab_search(
state->out->p_roles.table,
base_reg_role_id);
assert(regular_role != NULL &&
regular_role->flavor == ROLE_ROLE);
ebitmap_for_each_positive_bit(&role->roles, rnode, i) {
/* take advantage of sym_val_to_name[]
* of the base module */
base_reg_role_id = state->base->p_role_val_to_name[i];
regular_role = (role_datum_t *)hashtab_search(
state->out->p_roles.table,
base_reg_role_id);
assert(regular_role != NULL &&
regular_role->flavor == ROLE_ROLE);
if (ebitmap_union(&regular_role->types.types,
&new_role->types.types)) {
ERR(state->handle, "Out of memory!");
return -1;
}
if (ebitmap_union(&regular_role->types.types,
&new_role->types.types)) {
ERR(state->handle, "Out of memory!");
return -1;
}
}
return 0;
}
@ -1244,12 +1240,8 @@ static int copy_role_allows(expand_state_t * state, role_allow_rule_t * rules)
return -1;
}
ebitmap_for_each_bit(&roles, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(&new_roles, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(&roles, snode, i) {
ebitmap_for_each_positive_bit(&new_roles, tnode, j) {
/* check for duplicates */
cur_allow = state->out->role_allow;
while (cur_allow) {
@ -1312,16 +1304,9 @@ static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
ERR(state->handle, "Out of memory!");
return -1;
}
ebitmap_for_each_bit(&roles, rnode, i) {
if (!ebitmap_node_get_bit(rnode, i))
continue;
ebitmap_for_each_bit(&types, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_bit(&cur->classes, cnode, k) {
if (!ebitmap_node_get_bit(cnode, k))
continue;
ebitmap_for_each_positive_bit(&roles, rnode, i) {
ebitmap_for_each_positive_bit(&types, tnode, j) {
ebitmap_for_each_positive_bit(&cur->classes, cnode, k) {
cur_trans = state->out->role_tr;
while (cur_trans) {
unsigned int mapped_role;
@ -1414,13 +1399,8 @@ static int expand_filename_trans(expand_state_t *state, filename_trans_rule_t *r
mapped_otype = state->typemap[cur_rule->otype - 1];
ebitmap_for_each_bit(&stypes, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(&ttypes, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(&stypes, snode, i) {
ebitmap_for_each_positive_bit(&ttypes, tnode, j) {
key.stype = i + 1;
key.ttype = j + 1;
key.tclass = cur_rule->tclass;
@ -1585,18 +1565,11 @@ static int expand_range_trans(expand_state_t * state,
}
/* loop on source type */
ebitmap_for_each_bit(&stypes, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_positive_bit(&stypes, snode, i) {
/* loop on target type */
ebitmap_for_each_bit(&ttypes, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(&ttypes, tnode, j) {
/* loop on target class */
ebitmap_for_each_bit(&rule->tclasses, cnode, k) {
if (!ebitmap_node_get_bit(cnode, k))
continue;
ebitmap_for_each_positive_bit(&rule->tclasses, cnode, k) {
if (exp_rangetr_helper(i + 1,
j + 1,
k + 1,
@ -1912,9 +1885,7 @@ static int expand_rule_helper(sepol_handle_t * handle,
int retval;
ebitmap_node_t *snode, *tnode;
ebitmap_for_each_bit(stypes, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_positive_bit(stypes, snode, i) {
if (source_rule->flags & RULE_SELF) {
if (source_rule->specified & (AVRULE_AV | AVRULE_XPERMS)) {
retval = expand_avrule_helper(handle, source_rule->specified,
@ -1931,9 +1902,7 @@ static int expand_rule_helper(sepol_handle_t * handle,
return retval;
}
}
ebitmap_for_each_bit(ttypes, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(ttypes, tnode, j) {
if (source_rule->specified & (AVRULE_AV | AVRULE_XPERMS)) {
retval = expand_avrule_helper(handle, source_rule->specified,
cond, i, j, source_rule->perms,
@ -2362,9 +2331,7 @@ static int type_attr_map(hashtab_key_t key
if (ebitmap_cpy(&p->attr_type_map[value - 1], &type->types)) {
goto oom;
}
ebitmap_for_each_bit(&type->types, tnode, i) {
if (!ebitmap_node_get_bit(tnode, i))
continue;
ebitmap_for_each_positive_bit(&type->types, tnode, i) {
if (ebitmap_set_bit(&p->type_attr_map[i], value - 1, 1)) {
goto oom;
}
@ -2475,20 +2442,18 @@ int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * out, policydb_t
if (rolemap) {
assert(base != NULL);
ebitmap_for_each_bit(&x->roles, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
/* take advantage of p_role_val_to_struct[]
* of the base module */
role = base->role_val_to_struct[i];
assert(role != NULL);
if (role->flavor == ROLE_ATTRIB) {
if (ebitmap_union(&roles,
&role->roles))
goto bad;
} else {
if (ebitmap_set_bit(&roles, i, 1))
goto bad;
}
ebitmap_for_each_positive_bit(&x->roles, rnode, i) {
/* take advantage of p_role_val_to_struct[]
* of the base module */
role = base->role_val_to_struct[i];
assert(role != NULL);
if (role->flavor == ROLE_ATTRIB) {
if (ebitmap_union(&roles,
&role->roles))
goto bad;
} else {
if (ebitmap_set_bit(&roles, i, 1))
goto bad;
}
}
if (map_ebitmap(&roles, &mapped_roles, rolemap))
@ -2498,11 +2463,9 @@ int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * out, policydb_t
goto bad;
}
ebitmap_for_each_bit(&mapped_roles, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
if (ebitmap_set_bit(r, i, 1))
goto bad;
}
ebitmap_for_each_positive_bit(&mapped_roles, rnode, i) {
if (ebitmap_set_bit(r, i, 1))
goto bad;
}
ebitmap_destroy(&mapped_roles);
@ -2549,10 +2512,7 @@ int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
ebitmap_init(t);
/* First go through the types and OR all the attributes to types */
ebitmap_for_each_bit(&set->types, tnode, i) {
if (!ebitmap_node_get_bit(tnode, i))
continue;
ebitmap_for_each_positive_bit(&set->types, tnode, i) {
/*
* invalid policies might have more types set in the ebitmap than
* what's available in the type_val_to_struct mapping
@ -2580,19 +2540,17 @@ int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
/* Now do the same thing for negset */
ebitmap_init(&neg_types);
ebitmap_for_each_bit(&set->negset, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
if (p->type_val_to_struct[i] &&
p->type_val_to_struct[i]->flavor == TYPE_ATTRIB) {
if (ebitmap_union
(&neg_types,
&p->type_val_to_struct[i]->types)) {
goto err_neg;
}
} else {
if (ebitmap_set_bit(&neg_types, i, 1)) {
goto err_neg;
}
ebitmap_for_each_positive_bit(&set->negset, tnode, i) {
if (p->type_val_to_struct[i] &&
p->type_val_to_struct[i]->flavor == TYPE_ATTRIB) {
if (ebitmap_union
(&neg_types,
&p->type_val_to_struct[i]->types)) {
goto err_neg;
}
} else {
if (ebitmap_set_bit(&neg_types, i, 1)) {
goto err_neg;
}
}
}
@ -2611,9 +2569,8 @@ int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
goto out;
}
ebitmap_for_each_bit(&types, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)
&& (!ebitmap_get_bit(&neg_types, i)))
ebitmap_for_each_positive_bit(&types, tnode, i) {
if (!ebitmap_get_bit(&neg_types, i))
if (ebitmap_set_bit(t, i, 1))
goto err_neg;
}
@ -3316,9 +3273,7 @@ static int expand_avtab_node(avtab_key_t * k, avtab_datum_t * d, void *args)
if (stype && stype->flavor != TYPE_ATTRIB) {
/* Source is an individual type, target is an attribute. */
newkey.source_type = k->source_type;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(tattr, tnode, j) {
newkey.target_type = j + 1;
rc = expand_avtab_insert(expa, &newkey, d);
if (rc)
@ -3330,9 +3285,7 @@ static int expand_avtab_node(avtab_key_t * k, avtab_datum_t * d, void *args)
if (ttype && ttype->flavor != TYPE_ATTRIB) {
/* Target is an individual type, source is an attribute. */
newkey.target_type = k->target_type;
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
newkey.source_type = i + 1;
rc = expand_avtab_insert(expa, &newkey, d);
if (rc)
@ -3342,12 +3295,8 @@ static int expand_avtab_node(avtab_key_t * k, avtab_datum_t * d, void *args)
}
/* Both source and target type are attributes. */
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
ebitmap_for_each_positive_bit(tattr, tnode, j) {
newkey.source_type = i + 1;
newkey.target_type = j + 1;
rc = expand_avtab_insert(expa, &newkey, d);
@ -3446,9 +3395,7 @@ int expand_cond_av_node(policydb_t * p,
if (stype && stype->flavor != TYPE_ATTRIB) {
/* Source is an individual type, target is an attribute. */
newkey.source_type = k->source_type;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(tattr, tnode, j) {
newkey.target_type = j + 1;
rc = expand_cond_insert(newl, expa, &newkey, d);
if (rc)
@ -3460,9 +3407,7 @@ int expand_cond_av_node(policydb_t * p,
if (ttype && ttype->flavor != TYPE_ATTRIB) {
/* Target is an individual type, source is an attribute. */
newkey.target_type = k->target_type;
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
newkey.source_type = i + 1;
rc = expand_cond_insert(newl, expa, &newkey, d);
if (rc)
@ -3472,12 +3417,8 @@ int expand_cond_av_node(policydb_t * p,
}
/* Both source and target type are attributes. */
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
ebitmap_for_each_positive_bit(tattr, tnode, j) {
newkey.source_type = i + 1;
newkey.target_type = j + 1;
rc = expand_cond_insert(newl, expa, &newkey, d);

17
libsepol/src/genusers.c
View file

@ -169,15 +169,14 @@ static int load_users(struct policydb *policydb, const char *path)
continue;
}
/* Set the role and every role it dominates */
ebitmap_for_each_bit(&roldatum->dominates, rnode, bit) {
if (ebitmap_node_get_bit(rnode, bit))
if (ebitmap_set_bit
(&usrdatum->roles.roles, bit, 1)) {
ERR(NULL, "out of memory");
free(buffer);
fclose(fp);
return -1;
}
ebitmap_for_each_positive_bit(&roldatum->dominates, rnode, bit) {
if (ebitmap_set_bit
(&usrdatum->roles.roles, bit, 1)) {
ERR(NULL, "out of memory");
free(buffer);
fclose(fp);
return -1;
}
}
} while (islist);
if (oldc == 0)

8
libsepol/src/hierarchy.c
View file

@ -111,9 +111,7 @@ static int bounds_expand_rule(sepol_handle_t *handle, policydb_t *p,
if (ebitmap_get_bit(&p->attr_type_map[src - 1], parent - 1)) {
avtab_key.source_type = parent;
ebitmap_for_each_bit(&p->attr_type_map[tgt - 1], tnode, i) {
if (!ebitmap_node_get_bit(tnode, i))
continue;
ebitmap_for_each_positive_bit(&p->attr_type_map[tgt - 1], tnode, i) {
avtab_key.target_type = i + 1;
rc = bounds_insert_rule(handle, avtab, global, other,
&avtab_key, &datum);
@ -298,9 +296,7 @@ static int bounds_check_rule(sepol_handle_t *handle, policydb_t *p,
if (ebitmap_get_bit(&p->attr_type_map[src - 1], child - 1)) {
avtab_key.source_type = parent;
ebitmap_for_each_bit(&p->attr_type_map[tgt - 1], tnode, i) {
if (!ebitmap_node_get_bit(tnode, i))
continue;
ebitmap_for_each_positive_bit(&p->attr_type_map[tgt - 1], tnode, i) {
td = p->type_val_to_struct[i];
if (td && td->bounds) {
avtab_key.target_type = td->bounds;

17
libsepol/src/kernel_to_cil.c
View file

@ -993,10 +993,7 @@ static size_t cats_ebitmap_len(struct ebitmap *cats, char **val_to_name)
size_t len = 0;
range = 0;
ebitmap_for_each_bit(cats, node, i) {
if (!ebitmap_get_bit(cats, i))
continue;
ebitmap_for_each_positive_bit(cats, node, i) {
if (range == 0)
start = i;
@ -1044,10 +1041,7 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
remaining--;;
range = 0;
ebitmap_for_each_bit(cats, node, i) {
if (!ebitmap_get_bit(cats, i))
continue;
ebitmap_for_each_positive_bit(cats, node, i) {
if (range == 0)
start = i;
@ -1164,9 +1158,7 @@ static int write_polcap_rules_to_cil(FILE *out, struct policydb *pdb)
goto exit;
}
ebitmap_for_each_bit(&pdb->policycaps, node, i) {
if (!ebitmap_get_bit(&pdb->policycaps, i)) continue;
ebitmap_for_each_positive_bit(&pdb->policycaps, node, i) {
name = sepol_polcap_getname(i);
if (name == NULL) {
sepol_log_err("Unknown policy capability id: %i", i);
@ -1545,8 +1537,7 @@ static int write_type_permissive_rules_to_cil(FILE *out, struct policydb *pdb)
goto exit;
}
ebitmap_for_each_bit(&pdb->permissive_map, node, i) {
if (!ebitmap_get_bit(&pdb->permissive_map, i)) continue;
ebitmap_for_each_positive_bit(&pdb->permissive_map, node, i) {
rc = strs_add(strs, pdb->p_type_val_to_name[i-1]);
if (rc != 0) {
goto exit;

4
libsepol/src/kernel_to_common.c
View file

@ -360,9 +360,7 @@ int ebitmap_to_strs(struct ebitmap *map, struct strs *strs, char **val_to_name)
uint32_t i;
int rc;
ebitmap_for_each_bit(map, node, i) {
if (!ebitmap_get_bit(map, i)) continue;
ebitmap_for_each_positive_bit(map, node, i) {
rc = strs_add(strs, val_to_name[i]);
if (rc != 0) {
return -1;

17
libsepol/src/kernel_to_conf.c
View file

@ -978,10 +978,7 @@ static size_t cats_ebitmap_len(struct ebitmap *cats, char **val_to_name)
size_t len = 0;
range = 0;
ebitmap_for_each_bit(cats, node, i) {
if (!ebitmap_get_bit(cats, i))
continue;
ebitmap_for_each_positive_bit(cats, node, i) {
if (range == 0)
start = i;
@ -1020,10 +1017,7 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
first = 1;
range = 0;
ebitmap_for_each_bit(cats, node, i) {
if (!ebitmap_get_bit(cats, i))
continue;
ebitmap_for_each_positive_bit(cats, node, i) {
if (range == 0)
start = i;
@ -1138,9 +1132,7 @@ static int write_polcap_rules_to_conf(FILE *out, struct policydb *pdb)
goto exit;
}
ebitmap_for_each_bit(&pdb->policycaps, node, i) {
if (!ebitmap_get_bit(&pdb->policycaps, i)) continue;
ebitmap_for_each_positive_bit(&pdb->policycaps, node, i) {
name = sepol_polcap_getname(i);
if (name == NULL) {
sepol_log_err("Unknown policy capability id: %i", i);
@ -1590,8 +1582,7 @@ static int write_type_permissive_rules_to_conf(FILE *out, struct policydb *pdb)
goto exit;
}
ebitmap_for_each_bit(&pdb->permissive_map, node, i) {
if (!ebitmap_get_bit(&pdb->permissive_map, i)) continue;
ebitmap_for_each_positive_bit(&pdb->permissive_map, node, i) {
rc = strs_add(strs, pdb->p_type_val_to_name[i-1]);
if (rc != 0) {
goto exit;

186
libsepol/src/link.c
View file

@ -962,22 +962,18 @@ static int type_set_convert(type_set_t * types, type_set_t * dst,
{
unsigned int i;
ebitmap_node_t *tnode;
ebitmap_for_each_bit(&types->types, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
assert(mod->map[SYM_TYPES][i]);
if (ebitmap_set_bit
(&dst->types, mod->map[SYM_TYPES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&types->types, tnode, i) {
assert(mod->map[SYM_TYPES][i]);
if (ebitmap_set_bit
(&dst->types, mod->map[SYM_TYPES][i] - 1, 1)) {
goto cleanup;
}
}
ebitmap_for_each_bit(&types->negset, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
assert(mod->map[SYM_TYPES][i]);
if (ebitmap_set_bit
(&dst->negset, mod->map[SYM_TYPES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&types->negset, tnode, i) {
assert(mod->map[SYM_TYPES][i]);
if (ebitmap_set_bit
(&dst->negset, mod->map[SYM_TYPES][i] - 1, 1)) {
goto cleanup;
}
}
dst->flags = types->flags;
@ -1019,13 +1015,11 @@ static int role_set_or_convert(role_set_t * roles, role_set_t * dst,
ebitmap_node_t *rnode;
ebitmap_init(&tmp);
ebitmap_for_each_bit(&roles->roles, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
assert(mod->map[SYM_ROLES][i]);
if (ebitmap_set_bit
(&tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&roles->roles, rnode, i) {
assert(mod->map[SYM_ROLES][i]);
if (ebitmap_set_bit
(&tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
goto cleanup;
}
}
if (ebitmap_union(&dst->roles, &tmp)) {
@ -1115,13 +1109,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
}
ebitmap_init(&e_tmp);
ebitmap_for_each_bit(&role->dominates, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
assert(mod->map[SYM_ROLES][i]);
if (ebitmap_set_bit
(&e_tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&role->dominates, rnode, i) {
assert(mod->map[SYM_ROLES][i]);
if (ebitmap_set_bit
(&e_tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
goto cleanup;
}
}
if (ebitmap_union(&dest_role->dominates, &e_tmp)) {
@ -1134,13 +1126,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
if (role->flavor == ROLE_ATTRIB) {
ebitmap_init(&e_tmp);
ebitmap_for_each_bit(&role->roles, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
assert(mod->map[SYM_ROLES][i]);
if (ebitmap_set_bit
(&e_tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&role->roles, rnode, i) {
assert(mod->map[SYM_ROLES][i]);
if (ebitmap_set_bit
(&e_tmp, mod->map[SYM_ROLES][i] - 1, 1)) {
goto cleanup;
}
}
if (ebitmap_union(&dest_role->roles, &e_tmp)) {
@ -1189,13 +1179,11 @@ static int type_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
}
ebitmap_init(&e_tmp);
ebitmap_for_each_bit(&type->types, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
assert(mod->map[SYM_TYPES][i]);
if (ebitmap_set_bit
(&e_tmp, mod->map[SYM_TYPES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&type->types, tnode, i) {
assert(mod->map[SYM_TYPES][i]);
if (ebitmap_set_bit
(&e_tmp, mod->map[SYM_TYPES][i] - 1, 1)) {
goto cleanup;
}
}
if (ebitmap_union(&new_type->types, &e_tmp)) {
@ -1388,15 +1376,13 @@ static int copy_role_trans_list(role_trans_rule_t * list,
goto cleanup;
}
ebitmap_for_each_bit(&cur->classes, cnode, i) {
if (ebitmap_node_get_bit(cnode, i)) {
assert(module->map[SYM_CLASSES][i]);
if (ebitmap_set_bit(&new_rule->classes,
module->
map[SYM_CLASSES][i] - 1,
1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&cur->classes, cnode, i) {
assert(module->map[SYM_CLASSES][i]);
if (ebitmap_set_bit(&new_rule->classes,
module->
map[SYM_CLASSES][i] - 1,
1)) {
goto cleanup;
}
}
@ -1530,14 +1516,12 @@ static int copy_range_trans_list(range_trans_rule_t * rules,
mod, state))
goto cleanup;
ebitmap_for_each_bit(&rule->tclasses, cnode, i) {
if (ebitmap_node_get_bit(cnode, i)) {
assert(mod->map[SYM_CLASSES][i]);
if (ebitmap_set_bit
(&new_rule->tclasses,
mod->map[SYM_CLASSES][i] - 1, 1)) {
goto cleanup;
}
ebitmap_for_each_positive_bit(&rule->tclasses, cnode, i) {
assert(mod->map[SYM_CLASSES][i]);
if (ebitmap_set_bit
(&new_rule->tclasses,
mod->map[SYM_CLASSES][i] - 1, 1)) {
goto cleanup;
}
}
@ -1678,20 +1662,18 @@ static int copy_scope_index(scope_index_t * src, scope_index_t * dest,
if (copy_callback_f[i] == NULL) {
continue;
}
ebitmap_for_each_bit(srcmap, node, j) {
if (ebitmap_node_get_bit(node, j)) {
assert(module->map[i][j] != 0);
if (ebitmap_set_bit
(destmap, module->map[i][j] - 1, 1) != 0) {
ebitmap_for_each_positive_bit(srcmap, node, j) {
assert(module->map[i][j] != 0);
if (ebitmap_set_bit
(destmap, module->map[i][j] - 1, 1) != 0) {
goto cleanup;
}
if (i == SYM_CLASSES &&
largest_mapped_class_value <
module->map[SYM_CLASSES][j]) {
largest_mapped_class_value =
module->map[SYM_CLASSES][j];
}
goto cleanup;
}
if (i == SYM_CLASSES &&
largest_mapped_class_value <
module->map[SYM_CLASSES][j]) {
largest_mapped_class_value =
module->map[SYM_CLASSES][j];
}
}
}
@ -1710,9 +1692,8 @@ static int copy_scope_index(scope_index_t * src, scope_index_t * dest,
ebitmap_t *srcmap = src->class_perms_map + i;
ebitmap_t *destmap =
dest->class_perms_map + module->map[SYM_CLASSES][i] - 1;
ebitmap_for_each_bit(srcmap, node, j) {
if (ebitmap_node_get_bit(node, j) &&
ebitmap_set_bit(destmap, module->perm_map[i][j] - 1,
ebitmap_for_each_positive_bit(srcmap, node, j) {
if (ebitmap_set_bit(destmap, module->perm_map[i][j] - 1,
1)) {
goto cleanup;
}
@ -2012,11 +1993,7 @@ static int is_decl_requires_met(link_state_t * state,
continue;
}
bitmap = &decl->required.scope[i];
ebitmap_for_each_bit(bitmap, node, j) {
if (!ebitmap_node_get_bit(node, j)) {
continue;
}
ebitmap_for_each_positive_bit(bitmap, node, j) {
/* check base's scope table */
id = pol->sym_val_to_name[i][j];
if (!is_id_enabled(id, state->base, i)) {
@ -2033,16 +2010,13 @@ static int is_decl_requires_met(link_state_t * state,
for (i = 0; i < decl->required.class_perms_len; i++) {
bitmap = decl->required.class_perms_map + i;
ebitmap_for_each_bit(bitmap, node, j) {
ebitmap_for_each_positive_bit(bitmap, node, j) {
struct find_perm_arg fparg;
class_datum_t *cladatum;
uint32_t perm_value = j + 1;
int rc;
scope_datum_t *scope;
if (!ebitmap_node_get_bit(node, j)) {
continue;
}
id = pol->p_class_val_to_name[i];
cladatum = pol->class_val_to_struct[i];
@ -2439,32 +2413,30 @@ static int expand_role_attributes(hashtab_key_t key, hashtab_datum_t datum,
INFO(state->handle, "expanding role attribute %s", id);
restart:
ebitmap_for_each_bit(&role->roles, rnode, i) {
if (ebitmap_node_get_bit(rnode, i)) {
sub_attr = state->base->role_val_to_struct[i];
if (sub_attr->flavor != ROLE_ATTRIB)
continue;
/* remove the sub role attribute from the parent
* role attribute's roles ebitmap */
if (ebitmap_set_bit(&role->roles, i, 0))
return -1;
ebitmap_for_each_positive_bit(&role->roles, rnode, i) {
sub_attr = state->base->role_val_to_struct[i];
if (sub_attr->flavor != ROLE_ATTRIB)
continue;
/* loop dependency of role attributes */
if (sub_attr->s.value == role->s.value)
continue;
/* remove the sub role attribute from the parent
* role attribute's roles ebitmap */
if (ebitmap_set_bit(&role->roles, i, 0))
return -1;
/* now go on to expand a sub role attribute
* by escalating its roles ebitmap */
if (ebitmap_union(&role->roles, &sub_attr->roles)) {
ERR(state->handle, "Out of memory!");
return -1;
}
/* sub_attr->roles may contain other role attributes,
* re-scan the parent role attribute's roles ebitmap */
goto restart;
/* loop dependency of role attributes */
if (sub_attr->s.value == role->s.value)
continue;
/* now go on to expand a sub role attribute
* by escalating its roles ebitmap */
if (ebitmap_union(&role->roles, &sub_attr->roles)) {
ERR(state->handle, "Out of memory!");
return -1;
}
/* sub_attr->roles may contain other role attributes,
* re-scan the parent role attribute's roles ebitmap */
goto restart;
}
return 0;

50
libsepol/src/mls.c
View file

@ -289,17 +289,15 @@ int mls_context_isvalid(const policydb_t * p, const context_struct_t * c)
if (!levdatum)
return 0;
ebitmap_for_each_bit(&c->range.level[l].cat, cnode, i) {
if (ebitmap_node_get_bit(cnode, i)) {
if (i > p->p_cats.nprim)
return 0;
if (!ebitmap_get_bit(&levdatum->level->cat, i))
/*
* Category may not be associated with
* sensitivity in low level.
*/
return 0;
}
ebitmap_for_each_positive_bit(&c->range.level[l].cat, cnode, i) {
if (i > p->p_cats.nprim)
return 0;
if (!ebitmap_get_bit(&levdatum->level->cat, i))
/*
* Category may not be associated with
* sensitivity in low level.
*/
return 0;
}
}
@ -579,23 +577,21 @@ int mls_convert_context(policydb_t * oldp,
c->range.level[l].sens = levdatum->level->sens;
ebitmap_init(&bitmap);
ebitmap_for_each_bit(&c->range.level[l].cat, cnode, i) {
if (ebitmap_node_get_bit(cnode, i)) {
int rc;
ebitmap_for_each_positive_bit(&c->range.level[l].cat, cnode, i) {
int rc;
catdatum =
(cat_datum_t *) hashtab_search(newp->p_cats.
table,
oldp->
p_cat_val_to_name
[i]);
if (!catdatum)
return -EINVAL;
rc = ebitmap_set_bit(&bitmap,
catdatum->s.value - 1, 1);
if (rc)
return rc;
}
catdatum =
(cat_datum_t *) hashtab_search(newp->p_cats.
table,
oldp->
p_cat_val_to_name
[i]);
if (!catdatum)
return -EINVAL;
rc = ebitmap_set_bit(&bitmap,
catdatum->s.value - 1, 1);
if (rc)
return rc;
}
ebitmap_destroy(&c->range.level[l].cat);
c->range.level[l].cat = bitmap;

88
libsepol/src/module_to_cil.c
View file

@ -732,10 +732,7 @@ static int ebitmap_to_cil(struct policydb *pdb, struct ebitmap *map, int type)
uint32_t i;
char **val_to_name = pdb->sym_val_to_name[type];
ebitmap_for_each_bit(map, node, i) {
if (!ebitmap_get_bit(map, i)) {
continue;
}
ebitmap_for_each_positive_bit(map, node, i) {
cil_printf("%s ", val_to_name[i]);
}
@ -862,10 +859,7 @@ static int cil_print_attr_strs(int indent, struct policydb *pdb, int is_type, vo
if (has_positive) {
cil_printf("(");
ebitmap_for_each_bit(pos, node, i) {
if (!ebitmap_get_bit(pos, i)) {
continue;
}
ebitmap_for_each_positive_bit(pos, node, i) {
cil_printf("%s ", val_to_name[i]);
}
cil_printf(") ");
@ -874,10 +868,7 @@ static int cil_print_attr_strs(int indent, struct policydb *pdb, int is_type, vo
if (has_negative) {
cil_printf("(not (");
ebitmap_for_each_bit(neg, node, i) {
if (!ebitmap_get_bit(neg, i)) {
continue;
}
ebitmap_for_each_positive_bit(neg, node, i) {
cil_printf("%s ", val_to_name[i]);
}
@ -999,15 +990,13 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n
char **name_arr;
num = 0;
ebitmap_for_each_bit(map, node, i) {
if (ebitmap_get_bit(map, i)) {
if (num >= UINT32_MAX / sizeof(*name_arr)) {
log_err("Overflow");
rc = -1;
goto exit;
}
num++;
ebitmap_for_each_positive_bit(map, node, i) {
if (num >= UINT32_MAX / sizeof(*name_arr)) {
log_err("Overflow");
rc = -1;
goto exit;
}
num++;
}
if (!num) {
@ -1024,11 +1013,9 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n
}
num = 0;
ebitmap_for_each_bit(map, node, i) {
if (ebitmap_get_bit(map, i)) {
name_arr[num] = vals_to_names[i];
num++;
}
ebitmap_for_each_positive_bit(map, node, i) {
name_arr[num] = vals_to_names[i];
num++;
}
*names = name_arr;
@ -1469,10 +1456,7 @@ static int role_trans_to_cil(int indent, struct policydb *pdb, struct role_trans
for (role = 0; role < num_role_names; role++) {
for (type = 0; type < num_type_names; type++) {
ebitmap_for_each_bit(&rule->classes, node, i) {
if (!ebitmap_get_bit(&rule->classes, i)) {
continue;
}
ebitmap_for_each_positive_bit(&rule->classes, node, i) {
cil_println(indent, "(roletransition %s %s %s %s)",
role_names[role], type_names[type],
pdb->p_class_val_to_name[i],
@ -1568,11 +1552,7 @@ static int range_trans_to_cil(int indent, struct policydb *pdb, struct range_tra
for (stype = 0; stype < num_stypes; stype++) {
for (ttype = 0; ttype < num_ttypes; ttype++) {
ebitmap_for_each_bit(&rule->tclasses, node, i) {
if (!ebitmap_get_bit(&rule->tclasses, i)) {
continue;
}
ebitmap_for_each_positive_bit(&rule->tclasses, node, i) {
cil_indent(indent);
cil_printf("(rangetransition %s %s %s ", stypes[stype], ttypes[ttype], pdb->p_class_val_to_name[i]);
@ -2094,10 +2074,7 @@ static int class_order_to_cil(int indent, struct policydb *pdb, struct ebitmap o
cil_indent(indent);
cil_printf("(classorder (");
ebitmap_for_each_bit(&order, node, i) {
if (!ebitmap_get_bit(&order, i)) {
continue;
}
ebitmap_for_each_positive_bit(&order, node, i) {
cil_printf("%s ", pdb->sym_val_to_name[SYM_CLASSES][i]);
}
@ -2199,10 +2176,7 @@ static int role_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
if (ebitmap_cardinality(&role->roles) > 0) {
cil_indent(indent);
cil_printf("(roleattributeset %s (", key);
ebitmap_for_each_bit(&role->roles, node, i) {
if (!ebitmap_get_bit(&role->roles, i)) {
continue;
}
ebitmap_for_each_positive_bit(&role->roles, node, i) {
cil_printf("%s ", pdb->p_role_val_to_name[i]);
}
cil_printf("))\n");
@ -2331,10 +2305,7 @@ static int user_to_cil(int indent, struct policydb *pdb, struct avrule_block *bl
cil_println(indent, "(userrole %s " DEFAULT_OBJECT ")", key);
}
ebitmap_for_each_bit(&roles, node, i) {
if (!ebitmap_get_bit(&roles, i)) {
continue;
}
ebitmap_for_each_positive_bit(&roles, node, i) {
cil_println(indent, "(userrole %s %s)", key, pdb->p_role_val_to_name[i]);
}
@ -2421,10 +2392,7 @@ static int sens_order_to_cil(int indent, struct policydb *pdb, struct ebitmap or
cil_indent(indent);
cil_printf("(sensitivityorder (");
ebitmap_for_each_bit(&order, node, i) {
if (!ebitmap_get_bit(&order, i)) {
continue;
}
ebitmap_for_each_positive_bit(&order, node, i) {
cil_printf("%s ", pdb->p_sens_val_to_name[i]);
}
@ -2465,10 +2433,7 @@ static int cat_order_to_cil(int indent, struct policydb *pdb, struct ebitmap ord
cil_indent(indent);
cil_printf("(categoryorder (");
ebitmap_for_each_bit(&order, node, i) {
if (!ebitmap_get_bit(&order, i)) {
continue;
}
ebitmap_for_each_positive_bit(&order, node, i) {
cil_printf("%s ", pdb->p_cat_val_to_name[i]);
}
@ -2489,10 +2454,7 @@ static int polcaps_to_cil(struct policydb *pdb)
map = &pdb->policycaps;
ebitmap_for_each_bit(map, node, i) {
if (!ebitmap_get_bit(map, i)) {
continue;
}
ebitmap_for_each_positive_bit(map, node, i) {
name = sepol_polcap_getname(i);
if (name == NULL) {
log_err("Unknown policy capability id: %i", i);
@ -3427,10 +3389,7 @@ static int declared_scopes_to_cil(int indent, struct policydb *pdb, struct avrul
}
map = decl->declared.scope[sym];
ebitmap_for_each_bit(&map, node, i) {
if (!ebitmap_get_bit(&map, i)) {
continue;
}
ebitmap_for_each_positive_bit(&map, node, i) {
key = pdb->sym_val_to_name[sym][i];
datum = hashtab_search(pdb->symtab[sym].table, key);
if (datum == NULL) {
@ -3494,10 +3453,7 @@ static int required_scopes_to_cil(int indent, struct policydb *pdb, struct avrul
}
map = decl->required.scope[sym];
ebitmap_for_each_bit(&map, node, i) {
if (!ebitmap_get_bit(&map, i)) {
continue;
}
ebitmap_for_each_positive_bit(&map, node, i) {
key = pdb->sym_val_to_name[sym][i];
scope_datum = hashtab_search(pdb->scope[sym].table, key);

7
libsepol/src/policydb.c
View file

@ -4245,10 +4245,9 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
if (r_policyvers >= POLICYDB_VERSION_AVTAB) {
if (ebitmap_read(&p->type_attr_map[i], fp))
goto bad;
ebitmap_for_each_bit(&p->type_attr_map[i],
tnode, j) {
if (!ebitmap_node_get_bit(tnode, j)
|| i == j)
ebitmap_for_each_positive_bit(&p->type_attr_map[i],
tnode, j) {
if (i == j)
continue;
if (j >= p->p_types.nprim)

16
libsepol/src/services.c
View file

@ -933,12 +933,8 @@ static int context_struct_compute_av(context_struct_t * scontext,
avkey.specified = AVTAB_AV;
sattr = &policydb->type_attr_map[scontext->type - 1];
tattr = &policydb->type_attr_map[tcontext->type - 1];
ebitmap_for_each_bit(sattr, snode, i) {
if (!ebitmap_node_get_bit(snode, i))
continue;
ebitmap_for_each_bit(tattr, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(sattr, snode, i) {
ebitmap_for_each_positive_bit(tattr, tnode, j) {
avkey.source_type = i + 1;
avkey.target_type = j + 1;
for (node =
@ -2194,14 +2190,10 @@ int hidden sepol_get_user_sids(sepol_security_id_t fromsid,
}
memset(mysids, 0, maxnel * sizeof(sepol_security_id_t));
ebitmap_for_each_bit(&user->roles.roles, rnode, i) {
if (!ebitmap_node_get_bit(rnode, i))
continue;
ebitmap_for_each_positive_bit(&user->roles.roles, rnode, i) {
role = policydb->role_val_to_struct[i];
usercon.role = i + 1;
ebitmap_for_each_bit(&role->types.types, tnode, j) {
if (!ebitmap_node_get_bit(tnode, j))
continue;
ebitmap_for_each_positive_bit(&role->types.types, tnode, j) {
usercon.type = j + 1;
if (usercon.type == fromcon->type)
continue;

19
libsepol/src/users.c
View file

@ -37,12 +37,10 @@ static int user_to_record(sepol_handle_t * handle,
goto err;
/* Extract roles */
ebitmap_for_each_bit(roles, rnode, bit) {
if (ebitmap_node_get_bit(rnode, bit)) {
char *role = policydb->p_role_val_to_name[bit];
if (sepol_user_add_role(handle, tmp_record, role) < 0)
goto err;
}
ebitmap_for_each_positive_bit(roles, rnode, bit) {
char *role = policydb->p_role_val_to_name[bit];
if (sepol_user_add_role(handle, tmp_record, role) < 0)
goto err;
}
/* Extract MLS info */
@ -170,12 +168,9 @@ int sepol_user_modify(sepol_handle_t * handle,
}
/* Set the role and every role it dominates */
ebitmap_for_each_bit(&roldatum->dominates, rnode, bit) {
if (ebitmap_node_get_bit(rnode, bit)) {
if (ebitmap_set_bit
(&(usrdatum->roles.roles), bit, 1))
goto omem;
}
ebitmap_for_each_positive_bit(&roldatum->dominates, rnode, bit) {
if (ebitmap_set_bit(&(usrdatum->roles.roles), bit, 1))
goto omem;
}
}

17
libsepol/src/write.c
View file

@ -1759,9 +1759,8 @@ static int only_process(ebitmap_t *in)
unsigned int i;
ebitmap_node_t *node;
ebitmap_for_each_bit(in, node, i) {
if (ebitmap_node_get_bit(node, i) &&
i != SECCLASS_PROCESS - 1)
ebitmap_for_each_positive_bit(in, node, i) {
if (i != SECCLASS_PROCESS - 1)
return 0;
}
return 1;
@ -2183,13 +2182,11 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
p->policy_type == POLICY_KERN) {
ebitmap_node_t *tnode;
ebitmap_for_each_bit(&p->permissive_map, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
WARN(fp->handle, "Warning! Policy version %d cannot "
"support permissive types, but some were defined",
p->policyvers);
break;
}
ebitmap_for_each_positive_bit(&p->permissive_map, tnode, i) {
WARN(fp->handle, "Warning! Policy version %d cannot "
"support permissive types, but some were defined",
p->policyvers);
break;
}
}

46
libsepol/tests/test-common.c
View file

@ -197,20 +197,19 @@ role_datum_t *test_role_type_set(policydb_t * p, const char *id, avrule_decl_t *
CU_ASSERT_FATAL(role != NULL);
ebitmap_for_each_bit(&role->types.types, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
new = 0;
for (j = 0; j < len; j++) {
if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
found++;
new = 1;
}
ebitmap_for_each_positive_bit(&role->types.types, tnode, i) {
new = 0;
for (j = 0; j < len; j++) {
if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
found++;
new = 1;
}
if (new == 0) {
printf("\nRole %s had type %s not in types array\n", id, p->sym_val_to_name[SYM_TYPES][i]);
}
CU_ASSERT(new == 1);
}
if (new == 0) {
printf("\nRole %s had type %s not in types array\n",
id, p->sym_val_to_name[SYM_TYPES][i]);
}
CU_ASSERT(new == 1);
}
CU_ASSERT(found == len);
if (found != len)
@ -240,20 +239,19 @@ void test_attr_types(policydb_t * p, const char *id, avrule_decl_t * decl, const
CU_ASSERT(attr->flavor == TYPE_ATTRIB);
CU_ASSERT(attr->primary == 1);
ebitmap_for_each_bit(&attr->types, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
new = 0;
for (j = 0; j < len; j++) {
if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
found++;
new = 1;
}
ebitmap_for_each_positive_bit(&attr->types, tnode, i) {
new = 0;
for (j = 0; j < len; j++) {
if (strcmp(p->sym_val_to_name[SYM_TYPES][i], types[j]) == 0) {
found++;
new = 1;
}
if (new == 0) {
printf("\nattr %s had type %s not in types array\n", id, p->sym_val_to_name[SYM_TYPES][i]);
}
CU_ASSERT(new == 1);
}
if (new == 0) {
printf("\nattr %s had type %s not in types array\n",
id, p->sym_val_to_name[SYM_TYPES][i]);
}
CU_ASSERT(new == 1);
}
CU_ASSERT(found == len);
if (found != len)

16
libsepol/tests/test-expander-users.c
View file

@ -45,15 +45,13 @@ static void check_user_roles(policydb_t * p, const char *user_name, const char *
}
found = calloc(num_roles, sizeof(unsigned char));
CU_ASSERT_FATAL(found != NULL);
ebitmap_for_each_bit(&user->roles.roles, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
extra++;
for (j = 0; j < num_roles; j++) {
if (strcmp(role_names[j], p->p_role_val_to_name[i]) == 0) {
extra--;
found[j] += 1;
break;
}
ebitmap_for_each_positive_bit(&user->roles.roles, tnode, i) {
extra++;
for (j = 0; j < num_roles; j++) {
if (strcmp(role_names[j], p->p_role_val_to_name[i]) == 0) {
extra--;
found[j] += 1;
break;
}
}
}

8
libsepol/tests/test-linker-roles.c
View file

@ -58,11 +58,9 @@ static void only_dominates_self(policydb_t * p, role_datum_t * role)
unsigned int i;
int found = 0;
ebitmap_for_each_bit(&role->dominates, tnode, i) {
if (ebitmap_node_get_bit(tnode, i)) {
found++;
CU_ASSERT(i == role->s.value - 1);
}
ebitmap_for_each_positive_bit(&role->dominates, tnode, i) {
found++;
CU_ASSERT(i == role->s.value - 1);
}
CU_ASSERT(found == 1);
}

8
policycoreutils/run_init/run_init.c
View file

@ -159,6 +159,14 @@ int authenticate_via_pam(const struct passwd *p_passwd_line)
#include <shadow.h> /* for shadow passwd functions */
#include <string.h> /* for strlen(), memset() */
/*
* crypt() may not be defined in unistd.h; see:
* http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES
*/
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
#include <crypt.h>
#endif
#define PASSWORD_PROMPT _("Password:") /* prompt for getpass() */
int authenticate_via_shadow_passwd(const struct passwd *);

16
policycoreutils/setsebool/setsebool.c
View file

@ -77,7 +77,7 @@ int main(int argc, char **argv)
/* Add 1 for the '=' */
len = strlen(argv[optind]) + strlen(argv[optind + 1]) + 2;
bool_list[0] = (char *)malloc(len);
if (bool_list[0] == 0) {
if (bool_list[0] == NULL) {
fputs("Out of memory - aborting\n", stderr);
return 1;
}
@ -133,8 +133,8 @@ static int semanage_set_boolean_list(size_t boolcnt,
goto err;
}
if (! verbose) {
semanage_msg_set_callback(handle,NULL, NULL);
if (!verbose) {
semanage_msg_set_callback(handle, NULL, NULL);
}
managed = semanage_is_managed(handle);
@ -175,9 +175,9 @@ static int semanage_set_boolean_list(size_t boolcnt,
goto err;
semanage_bool_exists(handle, bool_key, &result);
if ( !result ) {
if (!result) {
semanage_bool_exists_local(handle, bool_key, &result);
if ( !result ) {
if (!result) {
fprintf(stderr, "Boolean %s is not defined\n", boollist[j].name);
goto err;
}
@ -230,13 +230,13 @@ int setbool(char **list, size_t start, size_t end)
while (i < end) {
name = list[i];
value_ptr = strchr(list[i], '=');
if (value_ptr == 0) {
if (value_ptr == NULL) {
fprintf(stderr,
"setsebool: '=' not found in boolean expression %s\n",
list[i]);
goto err;
}
*value_ptr = 0;
*value_ptr = '\0';
value_ptr++;
if (strcmp(value_ptr, "1") == 0 ||
strcasecmp(value_ptr, "true") == 0 ||
@ -278,7 +278,7 @@ int setbool(char **list, size_t start, size_t end)
while (i < end) {
name = list[i];
value_ptr = strchr(name, '=');
*value_ptr = 0;
*value_ptr = '\0';
value_ptr++;
if (pwd && pwd->pw_name)
syslog(LOG_NOTICE,

2
python/semanage/ru/semanage.8
View file

@ -50,7 +50,7 @@ semanage \- средство управления политикой SELinux
Управлять определениями типов конечных портов infiniband
.SH "ОПИСАНИЕ"
semanage используется для настройки определённых элементов политики SELinux без необходимости изменения или перекомпиляции исходного текста политики. Это включает сопоставление имён пользователей Linux с пользователями SELinux (что управляет исходным контекстом безопасности, который присваивается пользователям Linux при их входе в систему, и ограничивает доступный им набор ролей). Также это включает сопоставление контекстов безопасности для различных видов объектов, таких как сетевые порты, интерфейсы, ключи разделов (pkeys) и конечные порты (endports) infiniband, сетевые узлы (хосты), а также сопоставление контекстов файлов. В разделе ПРИМЕРЫ приведены примеры обычного использования этой утилиты. Обратите внимание, что при вызове команды semanage login пользователи Linux (logins) сопоставляются с пользователями SELinux, а при вызове команды semanage user пользователи SELinux сопоставляются с доступными наборами ролей. В большинстве случаев администратору требуется настроить только первый тип сопоставлений; второй тип сопоставлений определяется базовой политикой и обычно не требует изменения.
semanage используется для настройки определённых элементов политики SELinux без необходимости изменения или перекомпиляции исходного текста политики. Это включает сопоставление имён пользователей Linux с пользователями SELinux (что управляет исходным контекстом безопасности, который присваивается пользователям Linux при их входе в систему, и ограничивает доступный им набор ролей). Также это включает сопоставление контекстов безопасности для различных видов объектов, таких как сетевые порты, интерфейсы, ключи разделов (pkeys) и конечные порты (endports) infiniband, сетевые узлы (хосты), а также сопоставление контекстов файлов. Обратите внимание, что при вызове команды semanage login пользователи Linux (logins) сопоставляются с пользователями SELinux, а при вызове команды semanage user пользователи SELinux сопоставляются с доступными наборами ролей. В большинстве случаев администратору требуется настроить только первый тип сопоставлений; второй тип сопоставлений определяется базовой политикой и обычно не требует изменения.
.SH "ПАРАМЕТРЫ"
.TP

2
python/semanage/semanage-boolean.8
View file

@ -45,7 +45,7 @@ Disable the boolean
.SH EXAMPLE
.nf
Turn on the apache can send mail boolan
Turn on the apache can send mail boolean
# semanage boolean \-m \-\-on httpd_can_sendmail
List customized booleans