@@ -126,6 +126,11 @@ In order to compile the original HLL file into CIL, the same HLL file will need
When set to "true", the kernel policy will be optimized upon rebuilds.
It can be set to either "true" or "false" and by default it is set to "false".
+.TP
+.B multiple-decls
+When set to "true", duplicate type, type attribute, and role declarations will be allowed.
+It can be set to either "true" or "false" and by default it is set to "true".
+
.SH "SEE ALSO"
.TP
semanage(8)
@@ -59,7 +59,7 @@ static int parse_errors;
char *s;
}
-%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED TARGET_PLATFORM COMPILER_DIR IGNORE_MODULE_CACHE STORE_ROOT OPTIMIZE_POLICY
+%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED TARGET_PLATFORM COMPILER_DIR IGNORE_MODULE_CACHE STORE_ROOT OPTIMIZE_POLICY MULTIPLE_DECLS
%token LOAD_POLICY_START SETFILES_START SEFCONTEXT_COMPILE_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
%token BZIP_BLOCKSIZE BZIP_SMALL REMOVE_HLL
%token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
@@ -96,6 +96,7 @@ single_opt: module_store
| bzip_small
| remove_hll
| optimize_policy
+ | multiple_decls
;
module_store: MODULE_STORE '=' ARG {
@@ -280,6 +281,17 @@ optimize_policy: OPTIMIZE_POLICY '=' ARG {
free($3);
}
+multiple_decls: MULTIPLE_DECLS '=' ARG {
+ if (strcasecmp($3, "false") == 0) {
+ current_conf->multiple_decls = 0;
+ } else if (strcasecmp($3, "true") == 0) {
+ current_conf->multiple_decls = 1;
+ } else {
+ yyerror("multiple-decls can only be 'true' or 'false'");
+ }
+ free($3);
+}
+
command_block:
command_start external_opts BLOCK_END {
if (new_external->path == NULL) {
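Review bot: In the final `else` branch of the new `multiple_decls` rule, an unrecognised value only calls `yyerror()`, so `current_conf->multiple_decls` keeps its initial value, which this commit sets to 1 (duplicates allowed) in semanage_conf_init. That is safe only if `yyerror()` causes the whole configuration to be rejected. `parse_errors` is declared in this file, but how it is checked lies outside the visible hunks, so this is worth confirming. If a file with a mistyped value can still be loaded, the branch should fall back to the strict setting by adding `current_conf->multiple_decls = 0;` before the `yyerror()` call.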
@@ -365,6 +377,7 @@ static int semanage_conf_init(semanage_conf_t * conf)
conf->ignore_module_cache = 0;
conf->remove_hll = 0;
conf->optimize_policy = 0;
+ conf->multiple_decls = 1;
conf->save_previous = 0;
conf->save_linked = 0;
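Review bot: `conf->multiple_decls = 1;` is the only flag in this run that is initialised to 1, and nothing at the assignment explains why. Because 1 is the relaxed setting, a reader or a later cleanup could easily assume the option is off by default like its neighbours. A short comment taken from the commit description would record the intent: `/* on by default so existing policies keep building; set multiple-decls=false in semanage.conf to reject duplicate declarations */`. semanage_conf_init starts and ends outside this hunk.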
@@ -55,6 +55,7 @@ bzip-blocksize return BZIP_BLOCKSIZE;
bzip-small return BZIP_SMALL;
remove-hll return REMOVE_HLL;
optimize-policy return OPTIMIZE_POLICY;
+multiple-decls return MULTIPLE_DECLS;
"[load_policy]" return LOAD_POLICY_START;
"[setfiles]" return SETFILES_START;
"[sefcontext_compile]" return SEFCONTEXT_COMPILE_START;
@@ -1346,6 +1346,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
cil_set_preserve_tunables(cildb, preserve_tunables);
cil_set_target_platform(cildb, sh->conf->target_platform);
cil_set_policy_version(cildb, sh->conf->policyvers);
+ cil_set_multiple_decls(cildb, sh->conf->multiple_decls);
if (sh->conf->handle_unknown != -1) {
cil_set_handle_unknown(cildb, sh->conf->handle_unknown);
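Review bot: The scope of what `cil_set_multiple_decls(cildb, sh->conf->multiple_decls)` relaxes is described in two different ways in this commit. The semanage.conf.5 entry lists duplicate type, type attribute and role declarations, while the commit description also includes duplicate context rules. An administrator who sets the option to "false" to tighten policy builds needs to know exactly which duplicates are then rejected, so the man page text and the description should agree. A comment above the call would also help, for example `/* multiple-decls: whether CIL accepts duplicate declarations across modules; see semanage.conf(5) */`. semanage_direct_commit continues outside this hunk, and the CIL-side behaviour is not visible here.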
@@ -48,6 +48,7 @@ typedef struct semanage_conf {
int remove_hll;
int ignore_module_cache;
int optimize_policy;
+ int multiple_decls;
char *ignoredirs; /* ";" separated of list for genhomedircon to ignore */
struct external_prog *load_policy;
struct external_prog *setfiles;
Add a configuration option that when set to "true" allows duplicate type, type attribute, and role declarations and duplicate context rules. The default is set to "true" to support the removal of the special handling of certain roles when converting a policy module to CIL without causing problems for existing policies. Signed-off-by: James Carter <jwcart2@gmail.com> --- libsemanage/man/man5/semanage.conf.5 | 5 +++++ libsemanage/src/conf-parse.y | 15 ++++++++++++++- libsemanage/src/conf-scan.l | 1 + libsemanage/src/direct_api.c | 1 + libsemanage/src/semanage_conf.h | 1 + 5 files changed, 22 insertions(+), 1 deletion(-)