From patchwork Thu Sep 8 20:30:50 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Cashman X-Patchwork-Id: 9322029 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 936AC60752 for ; Thu, 8 Sep 2016 20:34:24 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 833ED29971 for ; Thu, 8 Sep 2016 20:34:24 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 78214299DC; Thu, 8 Sep 2016 20:34:24 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, T_DKIM_INVALID autolearn=no version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (emsm-gh1-uea10.nsa.gov [8.44.101.8]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B160C29971 for ; Thu, 8 Sep 2016 20:34:23 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.30,302,1470700800"; d="scan'208";a="17391886" IronPort-PHdr: =?us-ascii?q?9a23=3AH9N5bhd+KUhoBSYBfbTFbYLtlGMj4u6mDksu8pMi?= =?us-ascii?q?zoh2WeGdxc69Yx7h7PlgxGXEQZ/co6odzbGH6ua+AydZvcfJ8ChbNscdD1ld0Y?= =?us-ascii?q?RetjdjKfbNMVf8Iv/uYn5yN+V5f3ghwUuGN1NIEt31fVzYry76xzcTHhLiKVg9?= =?us-ascii?q?fbytScbshsi6n9q/54fUK10RwmHsOPUsdl7v8VSZ9pFPx9AzcuBpklqBi0ALUt?= =?us-ascii?q?we/XlvK1OXkkS0zeaL17knzR5tvek8/dVLS6TwcvdwZ7VZCDM7LzJ9v5Wz5lH+?= =?us-ascii?q?Vw/H2l8wGiVTy0IJUED560ThU5PwtDbqnvZs0ymde8vtRPY7Xirxwb1sTUrEgS?= =?us-ascii?q?EGOjpx22jMisl5iuoPrBmovBx6yoj8aYeZLv1/cuXWetZMFjkJZdpYSyEUWtD0?= =?us-ascii?q?VIAIFedUeL8Aog=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2GZBACzytFX/wHyM5BdGwEBAQMBAQEXAQEEAQGDDgEBAQE?= =?us-ascii?q?BHoFTtAiGNCWHY0wBAQEBAQEBAQIBAlsngjIEAxMFBTkQVQINXwIBAwECDxUTB?= =?us-ascii?q?gEBDCALAQIDCQEBFwghCAgDAS0DAQUBCxEOCwUYBAGIKKNHgTI+MopWhS4BAQW?= =?us-ascii?q?HWAELHQgQhBWCAQqIYBEBaIUQAY4udoo+j0KJTyWFZ48KMYERVIJfDRuBbVCFR?= =?us-ascii?q?HiBJwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 08 Sep 2016 20:34:18 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u88KYIJW002109; Thu, 8 Sep 2016 16:34:18 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u88KVLIT096609 for ; Thu, 8 Sep 2016 16:31:21 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u88KVIH5001789 for ; Thu, 8 Sep 2016 16:31:21 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1CvAwDkydFXhjDcVdFdHAEBBAEBgy0BAQEBAYFxtAiCLoQShhwCgV5MAQIBAQEBAQITAQEBCAsLCRmFEQIBAxIVGQEBNwEPIDE0AQUBHBkiiCijRYEyPjKKVoUuAQEFh1gBAQEBAQEEAgEcCBCEFYIBColagX4LgweOL3aKPo9CiU+GDI8KMYERgzMNEQqBbRw0h2MBAQE X-IPAS-Result: A1CvAwDkydFXhjDcVdFdHAEBBAEBgy0BAQEBAYFxtAiCLoQShhwCgV5MAQIBAQEBAQITAQEBCAsLCRmFEQIBAxIVGQEBNwEPIDE0AQUBHBkiiCijRYEyPjKKVoUuAQEFh1gBAQEBAQEEAgEcCBCEFYIBColagX4LgweOL3aKPo9CiU+GDI8KMYERgzMNEQqBbRw0h2MBAQE X-IronPort-AV: E=Sophos;i="5.30,302,1470715200"; d="scan'208";a="5693980" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 08 Sep 2016 16:31:21 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AgotysBLfJqOgmErnztmcpTZWNBhigK39O0sv0rFi?= =?us-ascii?q?tYgULP7xwZ3uMQTl6Ol3ixeRBMOAuqsC1bCd6vyxESxYuNDa4ShEKMQNHzY+yu?= =?us-ascii?q?wu1zQ6B8CEDUCpZNXLVAcdWPp4aVl+4nugOlJUEsutL3fbo3m18CJAUk6nbVk9?= =?us-ascii?q?GO35F8bogtit0KjqotuIMlwO2mD2OO8jZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?= =?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN9t4XXskzY?= =?us-ascii?q?QA+O4GYMenkHmRpPRQ7e5Vf1WYminDH9s79R0S+bMMm+ZrkvWTGr6e8/RBThky?= =?us-ascii?q?cCPjgR+WfbkMtxgORQpxf39E83+JLdfIzAbKk2RajaZ95PHWc=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0E9AwBhydFXhjDcVdFdHAEBBAEBFwEBB?= =?us-ascii?q?AEBgw4BAQEBAYFxtAiCLoQShhwCgV5MAQEBAQEBAQECAQIQAQEBCAsLCRkvgjI?= =?us-ascii?q?YDDkQVQINXwIBAxIVGQEBNwEPIDE0AQUBHBkiiCijQYEyPjKKVoUuAQEFh1gBA?= =?us-ascii?q?QEBAQEEAgEcCBCEFYIBColahRCOL3aKPo9CiU+GDI8KMYERgzMNEQqBbRw0h2M?= =?us-ascii?q?BAQE?= X-IPAS-Result: =?us-ascii?q?A0E9AwBhydFXhjDcVdFdHAEBBAEBFwEBBAEBgw4BAQEBAYF?= =?us-ascii?q?xtAiCLoQShhwCgV5MAQEBAQEBAQECAQIQAQEBCAsLCRkvgjIYDDkQVQINXwIBA?= =?us-ascii?q?xIVGQEBNwEPIDE0AQUBHBkiiCijQYEyPjKKVoUuAQEFh1gBAQEBAQEEAgEcCBC?= =?us-ascii?q?EFYIBColahRCOL3aKPo9CiU+GDI8KMYERgzMNEQqBbRw0h2MBAQE?= X-IronPort-AV: E=Sophos;i="5.30,302,1470700800"; d="scan'208";a="17391675" Received: from mail-pa0-f48.google.com ([209.85.220.48]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256; 08 Sep 2016 20:31:19 +0000 Received: by mail-pa0-f48.google.com with SMTP id to9so20578045pac.1 for ; Thu, 08 Sep 2016 13:31:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=android.com; s=20120917; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=qCd7fI0JTHtf7MNxai6ZGNAKoTq7Xf3pWN6q6Mobrug=; b=YtmnXO+DQw8vNnePuwx90yb0HGcFn9UU4cXtFgCl3YMO3KBqqqCVBpKtu6Eo0g95Mr Cxor9CUpecpTS5XQpEtT6vMVga7tNIsw3tcbGc4Snus2UbpKiar9n9t/qjh6u0K3So+E ds/vgTwJNEmqc5rPnvucSjkptZNTzwMfk4QG2QnU/LHzvyjHuLtJpKQfZuMZ6pcKzsCq RrARAtHNcy0kP5S6b4Oc0audQpgSh4hjd06LbGseIA5G3V/qqPAX/inHGp+o8hM/T9Jm vRNP64ctyvlyewliFWBCoGA142fvIY5VQn4eUu64C5Hn4oyZ7LkwK8tgVFyERvE/bVTs g3UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=qCd7fI0JTHtf7MNxai6ZGNAKoTq7Xf3pWN6q6Mobrug=; b=DWaY0OCMIrxoQ6pHgDjHQxuoCTJpzcCk/dACz3sYEljJqPFeG9jXVesC8IfZ45lKmh EIWlfv7x3oiy8sJqZmwnmQCqIHFcuY+FMkiXHJ1db9sXqahtNu9q1OM6TXb2D1LOrMx4 qltqMRcUVIsteoTsKojfl6rrZV0DhGtV4lhVopkmcWONI5DC/Dh1B7cFIbh33pkGwwyx 8Sh+VuIDRfncDhw5yo/c8j9j0AMnwuPIxTtAIDYErIXmQ6Jr631MlPRE9EC34cNhqcAQ 1PngulN2hNzdqvbafgee5xH6Or+SIvQOM/RuLe2w9GfX24qMrBde6kTEnC5Q3I0Sko+N 10tw== X-Gm-Message-State: AE9vXwO3EgstQ5lBdQdVFQJtv1HvDCu4UW2c6gHC+nZhFDIz/EYepE9Yjg7tGWFUjWk7ww== X-Received: by 10.66.183.206 with SMTP id eo14mr2761204pac.146.1473366678897; Thu, 08 Sep 2016 13:31:18 -0700 (PDT) Received: from dcashman.mtv.corp.google.com ([172.22.115.19]) by smtp.gmail.com with ESMTPSA id 3sm42199731pai.48.2016.09.08.13.31.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 08 Sep 2016 13:31:18 -0700 (PDT) From: Daniel Cashman To: selinux@tycho.nsa.gov Subject: [PATCH 3/5] libsepol: cil: Replace sensitivityorder statement. Date: Thu, 8 Sep 2016 13:30:50 -0700 Message-Id: <1473366652-23929-4-git-send-email-dcashman@android.com> X-Mailer: git-send-email 2.8.0.rc3.226.g39d4020 In-Reply-To: <1473366652-23929-3-git-send-email-dcashman@android.com> References: <1473366652-23929-1-git-send-email-dcashman@android.com> <1473366652-23929-2-git-send-email-dcashman@android.com> <1473366652-23929-3-git-send-email-dcashman@android.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: sds@tycho.nsa.gov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP From: dcashman cil_gen_policy() prints a sensitivityorder{}; output statement when generating its policy.conf file from CIL policy. This omits the sensitivity declarations, however, and should instead be represented as a sid declaration block followed by a dominance statement. Signed-off-by: Daniel Cashman --- libsepol/cil/src/cil_policy.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index d8ef151..78b135e 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -1301,11 +1301,14 @@ int cil_gen_policy(struct cil_db *db) } if (db->sensitivityorder->head != NULL) { - fprintf(file_arr[SENS], "sensitivityorder { "); + cil_list_for_each(item, db->sensitivityorder) { + fprintf(file_arr[SENS], "sensitivity %s;\n", ((struct cil_sens*)item->data)->datum.name); + } + fprintf(file_arr[SENS], "dominance { "); cil_list_for_each(item, db->sensitivityorder) { fprintf(file_arr[SENS], "%s ", ((struct cil_sens*)item->data)->datum.name); } - fprintf(file_arr[SENS], "};\n"); + fprintf(file_arr[SENS], "}\n"); } extra_args.users = users;