Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: [PATCH 1/3] libsepol - fix aliased sensitivities
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 13 Feb 2006 11:20:00 -0500
So I think the patch below should solve the problem for checkpolicy, while leaving libsepol's behavior unmodified and consistent with the kernel's behavior (i.e. no pointer aliasing). Look sane? Index: checkpolicy/policy_parse.y RCS file: /nfshome/pal/CVS/selinux-usr/checkpolicy/policy_parse.y,v retrieving revision 1.57 diff -u -p -r1.57 policy_parse.y --- checkpolicy/policy_parse.y 13 Feb 2006 13:59:53 -0000 1.57 +++ checkpolicy/policy_parse.y 13 Feb 2006 16:00:20 -0000 @@ -1564,6 +1564,23 @@ static int define_category(void) return -1; } +static int clone_level(hashtab_key_t key, hashtab_datum_t datum, void *arg) +{ + level_datum_t *levdatum = (level_datum_t *) datum; + mls_level_t *level = (mls_level_t *) arg, *newlevel; + + if (levdatum->isalias && levdatum->level == level) { + newlevel = (mls_level_t *) malloc(sizeof(mls_level_t)); + if (!newlevel) + return -1; + if (mls_level_cpy(newlevel, level)) { + free(newlevel); + return -1; + } + levdatum->level = newlevel; + } + return 0; +}
static int define_level(void)
free(id); } + if (hashtab_map(policydbp->p_levels.table, clone_level, levdatum->level)) { + yyerror("out of memory"); + return -1; + } + return 0; } -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Mon 13 Feb 2006 - 11:14:25 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |