diff -purN libsepol-2.0.32.orig/src/expand.c libsepol-2.0.32/src/expand.c
--- libsepol-2.0.32.orig/src/expand.c	2008-08-26 09:40:22.000000000 -0400
+++ libsepol-2.0.32/src/expand.c	2008-09-19 19:36:39.918510539 -0400
@@ -1917,6 +1917,35 @@ int expand_convert_type_set(policydb_t *
 	return 0;
 }
 
+/* Expand a rule into a given avtab - checking for conflicting type
+ * rules.  Return 1 on success, 0 if the rule conflicts with something
+ * (and hence was not added), or -1 on error. */
+int expand_rule(sepol_handle_t * handle,
+		policydb_t * source_pol,
+		avrule_t * source_rule, avtab_t * dest_avtab,
+		cond_av_list_t ** cond, cond_av_list_t ** other, int enabled)
+{
+	int retval;
+	ebitmap_t stypes, ttypes;
+
+	if (source_rule->specified & AVRULE_NEVERALLOW)
+		return 1;
+
+	ebitmap_init(&stypes);
+	ebitmap_init(&ttypes);
+
+	if (type_set_expand(&source_rule->stypes, &stypes, source_pol, 1))
+		return -1;
+	if (type_set_expand(&source_rule->ttypes, &ttypes, source_pol, 1))
+		return -1;
+	retval = expand_rule_helper(handle, source_pol, NULL,
+				    source_rule, dest_avtab,
+				    cond, other, enabled, &stypes, &ttypes);
+	ebitmap_destroy(&stypes);
+	ebitmap_destroy(&ttypes);
+	return retval;
+}
+
 int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * p, uint32_t * rolemap)
 {
 	unsigned int i;
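Review bot: Both `return -1;` exits after the `type_set_expand()` calls in the new `expand_rule()` skip the `ebitmap_destroy()` calls at the end of the function. When the second expansion fails, `stypes` has already been expanded successfully and whatever it allocated is leaked; the first failure may also leave a partially filled `stypes` behind, depending on how `type_set_expand()` cleans up, which this hunk does not show. Route both failures through a shared exit: declare `int retval = -1;`, replace each `return -1;` with `goto out;`, and put an `out:` label just before the two `ebitmap_destroy()` calls. Destroying `ttypes` when only `ebitmap_init()` has run on it should be harmless, but confirm that against the ebitmap implementation.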