diff options
| author | Luke Shumaker <lukeshu@sbcglobal.net> | 2017-02-03 13:02:37 -0500 |
|---|---|---|
| committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2017-02-03 13:02:37 -0500 |
| commit | d9fecb8ab0f52272fd4785fe6f15e6855b2f6008 (patch) | |
| tree | c519942cea1525634351674f609cfc0fcefceaa7 /pcr/libsepol/0013-libsepol-fix-checkpolicy-dontaudit-compiler-bug.patch | |
| parent | b7f02b9741f313a6d6b96c1829d45fe09a39d0de (diff) | |
| download | abslibre-d9fecb8ab0f52272fd4785fe6f15e6855b2f6008.tar.gz abslibre-d9fecb8ab0f52272fd4785fe6f15e6855b2f6008.tar.bz2 abslibre-d9fecb8ab0f52272fd4785fe6f15e6855b2f6008.zip | |
add pcr/libsepol
Diffstat (limited to 'pcr/libsepol/0013-libsepol-fix-checkpolicy-dontaudit-compiler-bug.patch')
| -rw-r--r-- | pcr/libsepol/0013-libsepol-fix-checkpolicy-dontaudit-compiler-bug.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/pcr/libsepol/0013-libsepol-fix-checkpolicy-dontaudit-compiler-bug.patch b/pcr/libsepol/0013-libsepol-fix-checkpolicy-dontaudit-compiler-bug.patch new file mode 100644 index 000000000..ff43a5e27 --- /dev/null +++ b/pcr/libsepol/0013-libsepol-fix-checkpolicy-dontaudit-compiler-bug.patch @@ -0,0 +1,51 @@ +From 00603062c7e9d74a76d62ee9806c9042ec7ad7fa Mon Sep 17 00:00:00 2001 +From: William Roberts <william.c.roberts@intel.com> +Date: Tue, 15 Nov 2016 16:42:23 -0800 +Subject: [PATCH] libsepol: fix checkpolicy dontaudit compiler bug + +The combining logic for dontaudit rules was wrong, causing +a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p; +rule. + +This is a reimplementation of: +commit 6201bb5e258e2b5bcc04d502d6fbc05c69d21d71 ("libsepol: +fix checkpolicy dontaudit compiler bug") +that avoids the cumbersome pointer assignments on alloced. + +Reported-by: Nick Kralevich <nnk@google.com> +Signed-off-by: William Roberts <william.c.roberts@intel.com> +--- + libsepol/src/expand.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c +index 004a02949b98..3e16f586028c 100644 +--- a/libsepol/src/expand.c ++++ b/libsepol/src/expand.c +@@ -1640,6 +1640,11 @@ static avtab_ptr_t find_avtab_node(sepol_handle_t * handle, + + if (!node) { + memset(&avdatum, 0, sizeof avdatum); ++ /* ++ * AUDITDENY, aka DONTAUDIT, are &= assigned, versus |= for ++ * others. Initialize the data accordingly. ++ */ ++ avdatum.data = key->specified == AVTAB_AUDITDENY ? ~0 : 0; + /* this is used to get the node - insertion is actually unique */ + node = avtab_insert_nonunique(avtab, key, &avdatum); + if (!node) { +@@ -1850,10 +1855,7 @@ static int expand_avrule_helper(sepol_handle_t * handle, + */ + avdatump->data &= cur->data; + } else if (specified & AVRULE_DONTAUDIT) { +- if (avdatump->data) +- avdatump->data &= ~cur->data; +- else +- avdatump->data = ~cur->data; ++ avdatump->data &= ~cur->data; + } else if (specified & AVRULE_XPERMS) { + xperms = avdatump->xperms; + if (!xperms) { +-- +2.10.2 + |