Message ID | 20240822003757.1998016-1-tweek@google.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 5421320d3a29 |
Delegated to: | Petr Lautrbach |
Series | [1/3] libsepol: Rename ioctl xperms structures and functions | expand |
On Wed, Aug 21, 2024 at 8:38 PM Thiébaud Weksteen <tweek@google.com> wrote: > > The ioctl extended permission structures and functions can be reused for > other extended permissions. Use the more generic term "xperm" instead of > "ioctl". > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> > --- > checkpolicy/policy_define.c | 72 ++++++++++++++++++------------------- > 1 file changed, 36 insertions(+), 36 deletions(-) > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > index 4931f23d..4f6b2266 100644 > --- a/checkpolicy/policy_define.c > +++ b/checkpolicy/policy_define.c > @@ -1874,27 +1874,27 @@ avrule_t *define_cond_pol_list(avrule_t * avlist, avrule_t * sl) > return sl; > } > > -typedef struct av_ioctl_range { > +typedef struct av_xperm_range { > uint16_t low; > uint16_t high; > -} av_ioctl_range_t; > +} av_xperm_range_t; > > -struct av_ioctl_range_list { > +struct av_xperm_range_list { > uint8_t omit; > - av_ioctl_range_t range; > - struct av_ioctl_range_list *next; > + av_xperm_range_t range; > + struct av_xperm_range_list *next; > }; > > -static int avrule_sort_ioctls(struct av_ioctl_range_list **rangehead) > +static int avrule_sort_xperms(struct av_xperm_range_list **rangehead) > { > - struct av_ioctl_range_list *r, *r2, *sorted, *sortedhead = NULL; > + struct av_xperm_range_list *r, *r2, *sorted, *sortedhead = NULL; > > /* order list by range.low */ > for (r = *rangehead; r != NULL; r = r->next) { > - sorted = malloc(sizeof(struct av_ioctl_range_list)); > + sorted = malloc(sizeof(struct av_xperm_range_list)); > if (sorted == NULL) > goto error; > - memcpy(sorted, r, sizeof(struct av_ioctl_range_list)); > + memcpy(sorted, r, sizeof(struct av_xperm_range_list)); > sorted->next = NULL; > if (sortedhead == NULL) { > sortedhead = sorted; 
> @@ -1933,9 +1933,9 @@ error: > return -1; > } > > -static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead) > +static void avrule_merge_xperms(struct av_xperm_range_list **rangehead) > { > - struct av_ioctl_range_list *r, *tmp; > + struct av_xperm_range_list *r, *tmp; > r = *rangehead; > while (r != NULL && r->next != NULL) { > /* merge */ > @@ -1952,15 +1952,15 @@ static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead) > } > } > > -static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead) > +static int avrule_read_xperm_ranges(struct av_xperm_range_list **rangehead) > { > char *id; > - struct av_ioctl_range_list *rnew, *r = NULL; > + struct av_xperm_range_list *rnew, *r = NULL; > uint8_t omit = 0; > > *rangehead = NULL; > > - /* read in all the ioctl commands */ > + /* read in all the ioctl/netlink commands */ > while ((id = queue_remove(id_queue))) { > if (strcmp(id,"~") == 0) { > /* these are values to be omitted */ > @@ -1979,7 +1979,7 @@ static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead) > free(id); > } else { > /* read in new low value */ > - rnew = malloc(sizeof(struct av_ioctl_range_list)); > + rnew = malloc(sizeof(struct av_xperm_range_list)); > if (rnew == NULL) > goto error; > rnew->next = NULL; > @@ -2006,11 +2006,11 @@ error: > } > > /* flip to included ranges */ > -static int avrule_omit_ioctls(struct av_ioctl_range_list **rangehead) > +static int avrule_omit_xperms(struct av_xperm_range_list **rangehead) > { > - struct av_ioctl_range_list *rnew, *r, *newhead, *r2; > + struct av_xperm_range_list *rnew, *r, *newhead, *r2; > > - rnew = calloc(1, sizeof(struct av_ioctl_range_list)); > + rnew = calloc(1, sizeof(struct av_xperm_range_list)); > if (!rnew) > goto error; 
> > @@ -2028,7 +2028,7 @@ static int avrule_omit_ioctls(struct av_ioctl_range_list **rangehead) > > while (r) { > r2->range.high = r->range.low - 1; > - rnew = calloc(1, sizeof(struct av_ioctl_range_list)); > + rnew = calloc(1, sizeof(struct av_xperm_range_list)); > if (!rnew) > goto error; > r2->next = rnew; > @@ -2054,26 +2054,26 @@ error: > return -1; > } > > -static int avrule_ioctl_ranges(struct av_ioctl_range_list **rangelist) > +static int avrule_xperm_ranges(struct av_xperm_range_list **rangelist) > { > - struct av_ioctl_range_list *rangehead; > + struct av_xperm_range_list *rangehead; > uint8_t omit; > > /* read in ranges to include and omit */ > - if (avrule_read_ioctls(&rangehead)) > + if (avrule_read_xperm_ranges(&rangehead)) > return -1; > if (rangehead == NULL) { > - yyerror("error processing ioctl commands"); > + yyerror("error processing ioctl/netlink commands"); > return -1; > } > omit = rangehead->omit; > - /* sort and merge the input ioctls */ > - if (avrule_sort_ioctls(&rangehead)) > + /* sort and merge the input ranges */ > + if (avrule_sort_xperms(&rangehead)) > return -1; > - avrule_merge_ioctls(&rangehead); > + avrule_merge_xperms(&rangehead); > /* flip ranges if these are omitted */ > if (omit) { > - if (avrule_omit_ioctls(&rangehead)) > + if (avrule_omit_xperms(&rangehead)) > return -1; > } > > @@ -2261,11 +2261,11 @@ static int avrule_xperms_used(const av_extended_perms_t *xperms) > #define IOC_DRIV(x) ((x) >> 8) > #define IOC_FUNC(x) ((x) & 0xff) > #define IOC_CMD(driver, func) (((driver) << 8) + (func)) > -static int avrule_ioctl_partialdriver(struct av_ioctl_range_list *rangelist, > +static int avrule_xperm_partialdriver(struct av_xperm_range_list *rangelist, > av_extended_perms_t *complete_driver, > av_extended_perms_t **extended_perms) > { > - struct av_ioctl_range_list *r; > + struct av_xperm_range_list *r; > av_extended_perms_t *xperms; > uint8_t low, high; 
> > @@ -2300,10 +2300,10 @@ static int avrule_ioctl_partialdriver(struct av_ioctl_range_list *rangelist, > > } > > -static int avrule_ioctl_completedriver(struct av_ioctl_range_list *rangelist, > +static int avrule_ioctl_completedriver(struct av_xperm_range_list *rangelist, > av_extended_perms_t **extended_perms) > { > - struct av_ioctl_range_list *r; > + struct av_xperm_range_list *r; > av_extended_perms_t *xperms; > uint16_t low, high; > xperms = calloc(1, sizeof(av_extended_perms_t)); > @@ -2342,10 +2342,10 @@ static int avrule_ioctl_completedriver(struct av_ioctl_range_list *rangelist, > return 0; > } > > -static int avrule_ioctl_func(struct av_ioctl_range_list *rangelist, > +static int avrule_ioctl_func(struct av_xperm_range_list *rangelist, > av_extended_perms_t **extended_perms, unsigned int driver) > { > - struct av_ioctl_range_list *r; > + struct av_xperm_range_list *r; > av_extended_perms_t *xperms; > uint16_t low, high; > > @@ -2457,13 +2457,13 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) > static int define_te_avtab_ioctl(const avrule_t *avrule_template) > { > avrule_t *avrule; > - struct av_ioctl_range_list *rangelist, *r; > + struct av_xperm_range_list *rangelist, *r; > av_extended_perms_t *complete_driver, *partial_driver, *xperms; > unsigned int i; > > > /* organize ioctl ranges */ > - if (avrule_ioctl_ranges(&rangelist)) > + if (avrule_xperm_ranges(&rangelist)) > return -1; > > /* create rule for ioctl driver types that are entirely enabled */ > @@ -2482,7 +2482,7 @@ static int define_te_avtab_ioctl(const avrule_t *avrule_template) > } > > /* flag ioctl driver codes that are partially enabled */ > - if (avrule_ioctl_partialdriver(rangelist, complete_driver, &partial_driver)) > + if (avrule_xperm_partialdriver(rangelist, complete_driver, &partial_driver)) > return -1; > > if (!partial_driver || !avrule_xperms_used(partial_driver)) > -- > 2.46.0.184.g6999bdac58-goog >
On Thu, Aug 29, 2024 at 8:48 AM Stephen Smalley <stephen.smalley.work@gmail.com> wrote: > > On Wed, Aug 21, 2024 at 8:38 PM Thiébaud Weksteen <tweek@google.com> wrote: > > > > The ioctl extended permission structures and functions can be reused for > > other extended permissions. Use the more generic term "xperm" instead of > > "ioctl". > > > > Signed-off-by: Thiébaud Weksteen <tweek@google.com> > > Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> > These three patches have been merged. Jim > > --- > > checkpolicy/policy_define.c | 72 ++++++++++++++++++------------------- > > 1 file changed, 36 insertions(+), 36 deletions(-) > > > > diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c > > index 4931f23d..4f6b2266 100644 > > --- a/checkpolicy/policy_define.c > > +++ b/checkpolicy/policy_define.c 
> > @@ -1874,27 +1874,27 @@ avrule_t *define_cond_pol_list(avrule_t * avlist, avrule_t * sl) > > return sl; > > } > > > > -typedef struct av_ioctl_range { > > +typedef struct av_xperm_range { > > uint16_t low; > > uint16_t high; > > -} av_ioctl_range_t; > > +} av_xperm_range_t; > > > > -struct av_ioctl_range_list { > > +struct av_xperm_range_list { > > uint8_t omit; > > - av_ioctl_range_t range; > > - struct av_ioctl_range_list *next; > > + av_xperm_range_t range; > > + struct av_xperm_range_list *next; > > }; > > > > -static int avrule_sort_ioctls(struct av_ioctl_range_list **rangehead) > > +static int avrule_sort_xperms(struct av_xperm_range_list **rangehead) > > { > > - struct av_ioctl_range_list *r, *r2, *sorted, *sortedhead = NULL; > > + struct av_xperm_range_list *r, *r2, *sorted, *sortedhead = NULL; > > > > /* order list by range.low */ > > for (r = *rangehead; r != NULL; r = r->next) { > > - sorted = malloc(sizeof(struct av_ioctl_range_list)); > > + sorted = malloc(sizeof(struct av_xperm_range_list)); > > if (sorted == NULL) > > goto error; > > - memcpy(sorted, r, sizeof(struct av_ioctl_range_list)); > > + memcpy(sorted, r, sizeof(struct av_xperm_range_list)); > > sorted->next = NULL; > > if (sortedhead == NULL) { > > sortedhead = sorted; > > @@ -1933,9 +1933,9 @@ error: > > return -1; > > } > > > > -static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead) > > +static void avrule_merge_xperms(struct av_xperm_range_list **rangehead) > > { > > - struct av_ioctl_range_list *r, *tmp; > > + struct av_xperm_range_list *r, *tmp; > > r = *rangehead; > > while (r != NULL && r->next != NULL) { > > /* merge */ 
> > @@ -1952,15 +1952,15 @@ static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead) > > } > > } > > > > -static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead) > > +static int avrule_read_xperm_ranges(struct av_xperm_range_list **rangehead) > > { > > char *id; > > - struct av_ioctl_range_list *rnew, *r = NULL; > > + struct av_xperm_range_list *rnew, *r = NULL; > > uint8_t omit = 0; > > > > *rangehead = NULL; > > > > - /* read in all the ioctl commands */ > > + /* read in all the ioctl/netlink commands */ > > while ((id = queue_remove(id_queue))) { > > if (strcmp(id,"~") == 0) { > > /* these are values to be omitted */ > > @@ -1979,7 +1979,7 @@ static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead) > > free(id); > > } else { > > /* read in new low value */ > > - rnew = malloc(sizeof(struct av_ioctl_range_list)); > > + rnew = malloc(sizeof(struct av_xperm_range_list)); > > if (rnew == NULL) > > goto error; > > rnew->next = NULL; > > @@ -2006,11 +2006,11 @@ error: > > } > > > > /* flip to included ranges */ > > -static int avrule_omit_ioctls(struct av_ioctl_range_list **rangehead) > > +static int avrule_omit_xperms(struct av_xperm_range_list **rangehead) > > { > > - struct av_ioctl_range_list *rnew, *r, *newhead, *r2; > > + struct av_xperm_range_list *rnew, *r, *newhead, *r2; > > > > - rnew = calloc(1, sizeof(struct av_ioctl_range_list)); > > + rnew = calloc(1, sizeof(struct av_xperm_range_list)); > > if (!rnew) > > goto error; > > > > @@ -2028,7 +2028,7 @@ static int avrule_omit_ioctls(struct av_ioctl_range_list **rangehead) > > > > while (r) { > > r2->range.high = r->range.low - 1; > > - rnew = calloc(1, sizeof(struct av_ioctl_range_list)); > > + rnew = calloc(1, sizeof(struct av_xperm_range_list)); > > if (!rnew) > > goto error; > > r2->next = rnew; 
> > @@ -2054,26 +2054,26 @@ error: > > return -1; > > } > > > > -static int avrule_ioctl_ranges(struct av_ioctl_range_list **rangelist) > > +static int avrule_xperm_ranges(struct av_xperm_range_list **rangelist) > > { > > - struct av_ioctl_range_list *rangehead; > > + struct av_xperm_range_list *rangehead; > > uint8_t omit; > > > > /* read in ranges to include and omit */ > > - if (avrule_read_ioctls(&rangehead)) > > + if (avrule_read_xperm_ranges(&rangehead)) > > return -1; > > if (rangehead == NULL) { > > - yyerror("error processing ioctl commands"); > > + yyerror("error processing ioctl/netlink commands"); > > return -1; > > } > > omit = rangehead->omit; > > - /* sort and merge the input ioctls */ > > - if (avrule_sort_ioctls(&rangehead)) > > + /* sort and merge the input ranges */ > > + if (avrule_sort_xperms(&rangehead)) > > return -1; > > - avrule_merge_ioctls(&rangehead); > > + avrule_merge_xperms(&rangehead); > > /* flip ranges if these are omitted */ > > if (omit) { > > - if (avrule_omit_ioctls(&rangehead)) > > + if (avrule_omit_xperms(&rangehead)) > > return -1; > > } > > > > @@ -2261,11 +2261,11 @@ static int avrule_xperms_used(const av_extended_perms_t *xperms) > > #define IOC_DRIV(x) ((x) >> 8) > > #define IOC_FUNC(x) ((x) & 0xff) > > #define IOC_CMD(driver, func) (((driver) << 8) + (func)) > > -static int avrule_ioctl_partialdriver(struct av_ioctl_range_list *rangelist, > > +static int avrule_xperm_partialdriver(struct av_xperm_range_list *rangelist, > > av_extended_perms_t *complete_driver, > > av_extended_perms_t **extended_perms) > > { > > - struct av_ioctl_range_list *r; > > + struct av_xperm_range_list *r; > > av_extended_perms_t *xperms; > > uint8_t low, high; 
> > > > @@ -2300,10 +2300,10 @@ static int avrule_ioctl_partialdriver(struct av_ioctl_range_list *rangelist, > > > > } > > > > -static int avrule_ioctl_completedriver(struct av_ioctl_range_list *rangelist, > > +static int avrule_ioctl_completedriver(struct av_xperm_range_list *rangelist, > > av_extended_perms_t **extended_perms) > > { > > - struct av_ioctl_range_list *r; > > + struct av_xperm_range_list *r; > > av_extended_perms_t *xperms; > > uint16_t low, high; > > xperms = calloc(1, sizeof(av_extended_perms_t)); > > @@ -2342,10 +2342,10 @@ static int avrule_ioctl_completedriver(struct av_ioctl_range_list *rangelist, > > return 0; > > } > > > > -static int avrule_ioctl_func(struct av_ioctl_range_list *rangelist, > > +static int avrule_ioctl_func(struct av_xperm_range_list *rangelist, > > av_extended_perms_t **extended_perms, unsigned int driver) > > { > > - struct av_ioctl_range_list *r; > > + struct av_xperm_range_list *r; > > av_extended_perms_t *xperms; > > uint16_t low, high; > > > > @@ -2457,13 +2457,13 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) > > static int define_te_avtab_ioctl(const avrule_t *avrule_template) > > { > > avrule_t *avrule; > > - struct av_ioctl_range_list *rangelist, *r; > > + struct av_xperm_range_list *rangelist, *r; > > av_extended_perms_t *complete_driver, *partial_driver, *xperms; > > unsigned int i; > > > > > > /* organize ioctl ranges */ > > - if (avrule_ioctl_ranges(&rangelist)) > > + if (avrule_xperm_ranges(&rangelist)) > > return -1; > > > > /* create rule for ioctl driver types that are entirely enabled */ 
> > @@ -2482,7 +2482,7 @@ static int define_te_avtab_ioctl(const avrule_t *avrule_template) > > } > > > > /* flag ioctl driver codes that are partially enabled */ > > - if (avrule_ioctl_partialdriver(rangelist, complete_driver, &partial_driver)) > > + if (avrule_xperm_partialdriver(rangelist, complete_driver, &partial_driver)) > > return -1; > > > > if (!partial_driver || !avrule_xperms_used(partial_driver)) > > -- > > 2.46.0.184.g6999bdac58-goog > > >
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 4931f23d..4f6b2266 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -1874,27 +1874,27 @@ avrule_t *define_cond_pol_list(avrule_t * avlist, avrule_t * sl)
 return sl;
 }

-typedef struct av_ioctl_range {
+typedef struct av_xperm_range {
 uint16_t low;
 uint16_t high;
-} av_ioctl_range_t;
+} av_xperm_range_t;

-struct av_ioctl_range_list {
+struct av_xperm_range_list {
 uint8_t omit;
- av_ioctl_range_t range;
- struct av_ioctl_range_list *next;
+ av_xperm_range_t range;
+ struct av_xperm_range_list *next;
 };

-static int avrule_sort_ioctls(struct av_ioctl_range_list **rangehead)
+static int avrule_sort_xperms(struct av_xperm_range_list **rangehead)
 {
- struct av_ioctl_range_list *r, *r2, *sorted, *sortedhead = NULL;
+ struct av_xperm_range_list *r, *r2, *sorted, *sortedhead = NULL;

 /* order list by range.low */
 for (r = *rangehead; r != NULL; r = r->next) {
- sorted = malloc(sizeof(struct av_ioctl_range_list));
+ sorted = malloc(sizeof(struct av_xperm_range_list));
 if (sorted == NULL)
 goto error;
- memcpy(sorted, r, sizeof(struct av_ioctl_range_list));
+ memcpy(sorted, r, sizeof(struct av_xperm_range_list));
 sorted->next = NULL;
 if (sortedhead == NULL) {
 sortedhead = sorted;
@@ -1933,9 +1933,9 @@ error:
 return -1;
 }

-static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead)
+static void avrule_merge_xperms(struct av_xperm_range_list **rangehead)
 {
- struct av_ioctl_range_list *r, *tmp;
+ struct av_xperm_range_list *r, *tmp;
 r = *rangehead;
 while (r != NULL && r->next != NULL) {
 /* merge */
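Review bot: The allocations in avrule_sort_xperms still spell out the struct type inside `sizeof`, which is the only reason this rename had to touch the `malloc` and `memcpy` lines at all. Writing `sorted = malloc(sizeof(*sorted));` and `memcpy(sorted, r, sizeof(*sorted));` ties the size to the pointer being filled, so a later type change cannot leave a stale or mismatched size behind. The same applies to the `malloc` in avrule_read_xperm_ranges and the two `calloc` calls in avrule_omit_xperms in the later hunks. The body of avrule_sort_xperms continues outside this hunk.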
@@ -1952,15 +1952,15 @@ static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead)
 }
 }

-static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead)
+static int avrule_read_xperm_ranges(struct av_xperm_range_list **rangehead)
 {
 char *id;
- struct av_ioctl_range_list *rnew, *r = NULL;
+ struct av_xperm_range_list *rnew, *r = NULL;
 uint8_t omit = 0;

 *rangehead = NULL;

- /* read in all the ioctl commands */
+ /* read in all the ioctl/netlink commands */
 while ((id = queue_remove(id_queue))) {
 if (strcmp(id,"~") == 0) {
 /* these are values to be omitted */
@@ -1979,7 +1979,7 @@ static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead)
 free(id);
 } else {
 /* read in new low value */
- rnew = malloc(sizeof(struct av_ioctl_range_list));
+ rnew = malloc(sizeof(struct av_xperm_range_list));
 if (rnew == NULL)
 goto error;
 rnew->next = NULL;
@@ -2006,11 +2006,11 @@ error:
 }

 /* flip to included ranges */
-static int avrule_omit_ioctls(struct av_ioctl_range_list **rangehead)
+static int avrule_omit_xperms(struct av_xperm_range_list **rangehead)
 {
- struct av_ioctl_range_list *rnew, *r, *newhead, *r2;
+ struct av_xperm_range_list *rnew, *r, *newhead, *r2;

- rnew = calloc(1, sizeof(struct av_ioctl_range_list));
+ rnew = calloc(1, sizeof(struct av_xperm_range_list));
 if (!rnew)
 goto error;

@@ -2028,7 +2028,7 @@ static int avrule_omit_ioctls(struct av_ioctl_range_list **rangehead)

 while (r) {
 r2->range.high = r->range.low - 1;
- rnew = calloc(1, sizeof(struct av_ioctl_range_list));
+ rnew = calloc(1, sizeof(struct av_xperm_range_list));
 if (!rnew)
 goto error;
 r2->next = rnew;
@@ -2054,26 +2054,26 @@ error:
 return -1;
 }

-static int avrule_ioctl_ranges(struct av_ioctl_range_list **rangelist)
+static int avrule_xperm_ranges(struct av_xperm_range_list **rangelist)
 {
- struct av_ioctl_range_list *rangehead;
+ struct av_xperm_range_list *rangehead;
 uint8_t omit;

 /* read in ranges to include and omit */
- if (avrule_read_ioctls(&rangehead))
+ if (avrule_read_xperm_ranges(&rangehead))
 return -1;
 if (rangehead == NULL) {
- yyerror("error processing ioctl commands");
+ yyerror("error processing ioctl/netlink commands");
 return -1;
 }
 omit = rangehead->omit;
- /* sort and merge the input ioctls */
- if (avrule_sort_ioctls(&rangehead))
+ /* sort and merge the input ranges */
+ if (avrule_sort_xperms(&rangehead))
 return -1;
- avrule_merge_ioctls(&rangehead);
+ avrule_merge_xperms(&rangehead);
 /* flip ranges if these are omitted */
 if (omit) {
- if (avrule_omit_ioctls(&rangehead))
+ if (avrule_omit_xperms(&rangehead))
 return -1;
 }

@@ -2261,11 +2261,11 @@ static int avrule_xperms_used(const av_extended_perms_t *xperms)
 #define IOC_DRIV(x) ((x) >> 8)
 #define IOC_FUNC(x) ((x) & 0xff)
 #define IOC_CMD(driver, func) (((driver) << 8) + (func))
-static int avrule_ioctl_partialdriver(struct av_ioctl_range_list *rangelist,
+static int avrule_xperm_partialdriver(struct av_xperm_range_list *rangelist,
 av_extended_perms_t *complete_driver,
 av_extended_perms_t **extended_perms)
 {
- struct av_ioctl_range_list *r;
+ struct av_xperm_range_list *r;
 av_extended_perms_t *xperms;
 uint8_t low, high;
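Review bot: In avrule_xperm_ranges the diagnostic becomes `yyerror("error processing ioctl/netlink commands");`, which no longer tells the policy author which kind of rule failed to parse. The only caller visible in this patch is define_te_avtab_ioctl, so at this point in the series the message is emitted for ioctl rules only. If the helper is meant to serve several extended-permission kinds, a neutral wording such as `yyerror("error processing extended permission ranges");` would stay accurate whichever caller reaches it. Extended-permission rules gate access to individual commands, so an author chasing a rejected rule benefits from an unambiguous message.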
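Review bot: avrule_xperm_partialdriver now carries the generic name, while avrule_ioctl_completedriver and avrule_ioctl_func in the next two hunks keep the ioctl prefix although they take the same `struct av_xperm_range_list *`. If the split is deliberate, a short comment above each function saying which ones are shared across extended-permission kinds and which remain ioctl-specific would make that visible. The renamed function also sits directly under the `IOC_DRIV`/`IOC_FUNC`/`IOC_CMD` macros and declares `uint8_t low, high;`, so it presumably still relies on the ioctl-style split of a 16-bit value into a high and a low byte; that assumption deserves a line of documentation now that the name no longer says ioctl. The function body lies outside this hunk, so the exact wording should be checked against it.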
@@ -2342,10 +2342,10 @@ static int avrule_ioctl_completedriver(struct av_ioctl_range_list *rangelist, return 0; } -static int avrule_ioctl_func(struct av_ioctl_range_list *rangelist, +static int avrule_ioctl_func(struct av_xperm_range_list *rangelist, av_extended_perms_t **extended_perms, unsigned int driver) { - struct av_ioctl_range_list *r; + struct av_xperm_range_list *r; av_extended_perms_t *xperms; uint16_t low, high; @@ -2457,13 +2457,13 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) static int define_te_avtab_ioctl(const avrule_t *avrule_template) { avrule_t *avrule; - struct av_ioctl_range_list *rangelist, *r; + struct av_xperm_range_list *rangelist, *r; av_extended_perms_t *complete_driver, *partial_driver, *xperms; unsigned int i; /* organize ioctl ranges */ - if (avrule_ioctl_ranges(&rangelist)) + if (avrule_xperm_ranges(&rangelist)) return -1; /* create rule for ioctl driver types that are entirely enabled */ @@ -2482,7 +2482,7 @@ static int define_te_avtab_ioctl(const avrule_t *avrule_template) } /* flag ioctl driver codes that are partially enabled */ - if (avrule_ioctl_partialdriver(rangelist, complete_driver, &partial_driver)) + if (avrule_xperm_partialdriver(rangelist, complete_driver, &partial_driver)) return -1; if (!partial_driver || !avrule_xperms_used(partial_driver))
The ioctl extended permission structures and functions can be reused for other extended permissions. Use the more generic term "xperm" instead of "ioctl". Signed-off-by: Thiébaud Weksteen <tweek@google.com> --- checkpolicy/policy_define.c | 72 ++++++++++++++++++------------------- 1 file changed, 36 insertions(+), 36 deletions(-)