tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

checkseapp: Detect duplicate keys in seapp_contexts entries.

Browse source 
Presently it ignores duplicate keys in seapp_contexts entries, e.g.
if you were to specify:

user=system seinfo=platform user=bluetooth domain=system_app type=system_app_data_file

checkseapp would ignore the duplicate and libselinux would end up using
the last value defined for the key in each line.

Change-Id: I18cadb0c1bf5a907e6fc6513df65aafed91d76fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Stephen Smalley 2015-02-13 14:06:08 -05:00 committed by Nick Kralevich
parent c6a0feb44d
commit 534fb0711d
1 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
tools/check_seapp.c
View file

@ -524,6 +524,10 @@ static rule_map *rule_map_new(kvp keys[], size_t num_of_keys, int lineno) {
rule_map *new_map = NULL; rule_map *new_map = NULL;
kvp *k = NULL; kvp *k = NULL;
key_map *r = NULL, *x = NULL; key_map *r = NULL, *x = NULL;
bool seen[KVP_NUM_OF_RULES];
for (i = 0; i < KVP_NUM_OF_RULES; i++)
seen[i] = false;
new_map = calloc(1, (num_of_keys * sizeof(key_map)) + sizeof(rule_map)); new_map = calloc(1, (num_of_keys * sizeof(key_map)) + sizeof(rule_map));
if (!new_map) if (!new_map)
@ -549,6 +553,12 @@ static rule_map *rule_map_new(kvp keys[], size_t num_of_keys, int lineno) {
continue; continue;
} }
if (seen[j]) {
log_error("Duplicated key: %s\n", k->key);
goto err;
}
seen[j] = true;
memcpy(r, x, sizeof(key_map)); memcpy(r, x, sizeof(key_map));
/* Assign rule map value to one from file */ /* Assign rule map value to one from file */
@ -612,7 +622,7 @@ err:
free_kvp(k); free_kvp(k);
} }
} }
exit(EXIT_FAILURE); return NULL;
} }
/** /**
@ -936,6 +946,8 @@ static void parse() {
} /*End token parsing */ } /*End token parsing */
rule_map *r = rule_map_new(keys, token_cnt, lineno); rule_map *r = rule_map_new(keys, token_cnt, lineno);
if (!r)
goto err;
rule_add(r); rule_add(r);
} /* End file parsing */ } /* End file parsing */