perfinion    14/11/22 12:59:48

  Added:               
                        
0001-policycoreutils-pp-add-roletype-statements-for-both-.patch
  Log:
  add patch from upstream to fix missing roletypes
  
  (Portage version: 2.2.12/cvs/Linux x86_64, signed Manifest commit with key 
0x7EF137EC935B0EAF)

Revision  Changes    Path
1.1                  
sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-apps/policycoreutils/files/0001-policycoreutils-pp-add-roletype-statements-for-both-.patch?rev=1.1&content-type=text/plain

Index: 0001-policycoreutils-pp-add-roletype-statements-for-both-.patch
===================================================================
From 7a09af2123bc0d86787ef82fc2ff43810f1712c0 Mon Sep 17 00:00:00 2001
From: Steve Lawrence <[email protected]>
Date: Wed, 19 Nov 2014 11:21:42 -0500
Subject: [PATCH 1/2] policycoreutils: pp: add roletype statements for both
 declared and required type/typeattributes

Currently, roletype statements are only added for types when they are
declared (not required). This means that in policy like:

  require {
    type foo_t;
  }
  type bar_t;
  role staff_r types foo_t, bar_t;

only bar_t is associated with staff_r. This patch moves the code that
generates roletype statements for types to outside the SCOPE_DECL check
so that roletype statements are generated for all types, regardless of
the required/declared scope. It further moves the code outside of the
type/typeattribute flavor check so that roletype statements are also
generated for typeattributes.

Reported-by: Sven Vermeulen <[email protected]>
Signed-off-by: Steve Lawrence <[email protected]>
Reviewed-by: Yuli Khodorkovskiy <[email protected]>
Tested-by: Jason Zaman <[email protected]>
---
 policycoreutils/hll/pp/pp.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
index b1ef27f..4b9f310 100644
--- a/policycoreutils/hll/pp/pp.c
+++ b/policycoreutils/hll/pp/pp.c
@@ -2083,6 +2083,11 @@ static int type_to_cil(int indent, struct policydb *pdb, 
struct avrule_block *UN
                cil_println(indent, "(typeattributeset " GEN_REQUIRE_ATTR " 
%s)", key);
        }
 
+       rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, key, indent);
+       if (rc != 0) {
+               goto exit;
+       }
+
        switch(type->flavor) {
        case TYPE_TYPE:
                if (scope == SCOPE_DECL) {
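Review bot: the new roletype_role_in_ancestor_to_cil() call placed just before switch(type->flavor) has no comment explaining why it sits outside both the flavor switch and the scope == SCOPE_DECL test. The commit message gives the reason (required types and typeattributes need roletype statements too), but a reader of pp.c will not see it there. A one-line comment above the call would guard against someone later moving it back under SCOPE_DECL. A regression test built from the policy snippet in the commit message (require foo_t, declare bar_t, role staff_r types foo_t, bar_t) would also pin the behaviour down.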
@@ -2090,11 +2095,6 @@ static int type_to_cil(int indent, struct policydb *pdb, 
struct avrule_block *UN
                        // object_r is implicit in checkmodule, but not with 
CIL,
                        // create it as part of base
                        cil_println(indent, "(roletype " DEFAULT_OBJECT " %s)", 
key);
-
-                       rc = roletype_role_in_ancestor_to_cil(pdb, decl_stack, 
key, indent);
-                       if (rc != 0) {
-                               goto exit;
-                       }
                }
 
                if (type->flags & TYPE_FLAGS_PERMISSIVE) {
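Review bot: after this removal, the cil_println of "(roletype " DEFAULT_OBJECT " %s)" is the only roletype output still inside the TYPE_TYPE / scope == SCOPE_DECL branch, so object_r is emitted only for declared types while every other role association now also covers required types and typeattributes. If that asymmetry is intended, the existing "object_r is implicit in checkmodule" comment should say so. If it is not, that line needs the same move as the block removed here.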
-- 
2.0.4




