rpms/libsepol/devel libsepol-rhat.patch, 1.14, 1.15 libsepol.spec, 1.153, 1.154

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Mar 28 18:55:23 UTC 2007 

Author: dwalsh

Update of /cvs/dist/rpms/libsepol/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv6285

Modified Files:
	libsepol-rhat.patch libsepol.spec 
Log Message:
* Wed Mar 28 2007 Dan Walsh <dwalsh at redhat.com> 2.0.1-2
* Wed Feb 7 2007 Dan Walsh <dwalsh at redhat.com> 2.0.1-1
- Upgrade to latest from NSA
	* Merged libsepol segfault fix from Stephen Smalley for when
	  sensitivities are required but not present in the base.
	* Merged patch to add errcodes.h to libsepol by Karl MacMillan.
	
* Fri Jan 19 2007 Dan Walsh <dwalsh at redhat.com> 1.16.0-1
- Upgrade to latest from NSA
	* Updated version for stable branch.


libsepol-rhat.patch:
 include/sepol/policydb/conditional.h |    2 +
 src/conditional.c                    |   60 +++++++++++++++++++----------------
 src/expand.c                         |   55 ++++++++++++++++++++++++++++++--
 src/private.h                        |    3 +
 4 files changed, 91 insertions(+), 29 deletions(-)

Index: libsepol-rhat.patch
===================================================================
RCS file: /cvs/dist/rpms/libsepol/devel/libsepol-rhat.patch,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- libsepol-rhat.patch	8 May 2006 14:15:58 -0000	1.14
+++ libsepol-rhat.patch	28 Mar 2007 18:55:21 -0000	1.15
@@ -1,11 +1,237 @@
-diff --exclude-from=exclude -N -u -r nsalibsepol/Makefile libsepol-1.12.8/Makefile
---- nsalibsepol/Makefile	2006-05-08 09:52:40.000000000 -0400
-+++ libsepol-1.12.8/Makefile	2006-05-08 10:12:29.000000000 -0400
-@@ -1,7 +1,6 @@
- all: 
- 	$(MAKE) -C src 
- 	$(MAKE) -C utils
--	$(MAKE) -C tests
+diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/policydb/conditional.h libsepol-2.0.1/include/sepol/policydb/conditional.h
+--- nsalibsepol/include/sepol/policydb/conditional.h	2006-11-16 17:14:15.000000000 -0500
++++ libsepol-2.0.1/include/sepol/policydb/conditional.h	2007-03-28 14:13:02.000000000 -0400
+@@ -100,6 +100,8 @@
+ 				   cond_node_t * needle, cond_node_t * haystack,
+ 				   int *was_created);
  
- install: 
- 	$(MAKE) -C include install
++extern cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node);
++
+ extern cond_node_t *cond_node_search(policydb_t * p, cond_node_t * list,
+ 				     cond_node_t * cn);
+ 
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/conditional.c libsepol-2.0.1/src/conditional.c
+--- nsalibsepol/src/conditional.c	2006-11-16 17:14:24.000000000 -0500
++++ libsepol-2.0.1/src/conditional.c	2007-03-28 14:13:02.000000000 -0400
+@@ -26,9 +26,6 @@
+ 
+ #include "private.h"
+ 
+-#undef min
+-#define min(a,b) (((a) < (b)) ? (a) : (b))
+-
+ /* move all type rules to top of t/f lists to help kernel on evaluation */
+ static void cond_optimize(cond_av_list_t ** l)
+ {
+@@ -136,6 +133,38 @@
+ 	return 1;
+ }
+ 
++/* Create a new conditional node, optionally copying
++ * the conditional expression from an existing node.
++ * If node is NULL then a new node will be created
++ * with no conditional expression.
++ */
++cond_node_t *cond_node_create(policydb_t * p, cond_node_t * node)
++{
++	cond_node_t *new_node;
++	unsigned int i;
++
++	new_node = (cond_node_t *)malloc(sizeof(cond_node_t));
++	if (!new_node) {
++		return NULL;
++	}
++	memset(new_node, 0, sizeof(cond_node_t));
++
++	if (node) {
++		new_node->expr = cond_copy_expr(node->expr);
++		if (!new_node->expr) {
++			free(new_node);
++			return NULL;
++		}
++		new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
++		new_node->nbools = node->nbools;
++		for (i = 0; i < min(node->nbools, COND_MAX_BOOLS); i++)
++			new_node->bool_ids[i] = node->bool_ids[i];
++		new_node->expr_pre_comp = node->expr_pre_comp;
++	}
++
++	return new_node;
++}
++
+ /* Find a conditional (the needle) within a list of existing ones (the
+  * haystack) that has a matching expression.  If found, return a
+  * pointer to the existing node, setting 'was_created' to 0.
+@@ -145,9 +174,6 @@
+ 			    cond_node_t * needle, cond_node_t * haystack,
+ 			    int *was_created)
+ {
+-	cond_node_t *new_node;
+-	unsigned int i;
+-
+ 	while (haystack) {
+ 		if (cond_expr_equal(needle, haystack)) {
+ 			*was_created = 0;
+@@ -156,26 +182,8 @@
+ 		haystack = haystack->next;
+ 	}
+ 	*was_created = 1;
+-	new_node = (cond_node_t *) malloc(sizeof(cond_node_t));
+-	if (!new_node) {
+-		return NULL;
+-	}
+-	memset(new_node, 0, sizeof(cond_node_t));
+-	new_node->expr = cond_copy_expr(needle->expr);
+-	if (!new_node->expr) {
+-		free(new_node);
+-		return NULL;
+-	}
+-	new_node->cur_state = cond_evaluate_expr(p, new_node->expr);
+-	new_node->nbools = needle->nbools;
+-	for (i = 0; i < min(needle->nbools, COND_MAX_BOOLS); i++)
+-		new_node->bool_ids[i] = needle->bool_ids[i];
+-	new_node->expr_pre_comp = needle->expr_pre_comp;
+-	new_node->true_list = NULL;
+-	new_node->false_list = NULL;
+-	new_node->avtrue_list = NULL;
+-	new_node->avfalse_list = NULL;
+-	return new_node;
++
++	return cond_node_create(p, needle);
+ }
+ 
+ /* return either a pre-existing matching node or create a new node */
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/expand.c libsepol-2.0.1/src/expand.c
+--- nsalibsepol/src/expand.c	2007-02-07 12:11:48.000000000 -0500
++++ libsepol-2.0.1/src/expand.c	2007-03-28 14:13:02.000000000 -0400
+@@ -35,10 +35,12 @@
+ #include <assert.h>
+ 
+ #include "debug.h"
++#include "private.h"
+ 
+ typedef struct expand_state {
+ 	int verbose;
+ 	uint32_t *typemap;
++	uint32_t *boolmap;
+ 	policydb_t *base;
+ 	policydb_t *out;
+ 	sepol_handle_t *handle;
+@@ -791,8 +793,8 @@
+ 		return -1;
+ 	}
+ 
+-	new_bool->s.value = bool->s.value;
+ 	state->out->p_bools.nprim++;
++	new_bool->s.value = state->out->p_bools.nprim;
+ 
+ 	ret = hashtab_insert(state->out->p_bools.table,
+ 			     (hashtab_key_t) new_id,
+@@ -804,6 +806,8 @@
+ 		return -1;
+ 	}
+ 
++	state->boolmap[bool->s.value - 1] = new_bool->s.value;
++
+ 	new_bool->state = bool->state;
+ 
+ 	return 0;
+@@ -1555,12 +1559,35 @@
+ 	return 0;
+ }
+ 
++static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
++{
++	cond_expr_t *cur;
++	unsigned int i;
++
++	cur = cn->expr;
++	while (cur) {
++		if (cur->bool)
++			cur->bool = state->boolmap[cur->bool - 1];
++		cur = cur->next;
++	}
++
++	for (i = 0; i < min(cn->nbools, COND_MAX_BOOLS); i++)
++		cn->bool_ids[i] = state->boolmap[cn->bool_ids[i] - 1];
++
++	if (cond_normalize_expr(state->out, cn)) {
++		ERR(state->handle, "Error while normalizing conditional");
++		return -1;
++	}
++
++	return 0;
++}
++
+ /* copy the nodes in *reverse* order -- the result is that the last
+  * given conditional appears first in the policy, so as to match the
+  * behavior of the upstream compiler */
+ static int cond_node_copy(expand_state_t * state, cond_node_t * cn)
+ {
+-	cond_node_t *new_cond;
++	cond_node_t *new_cond, *tmp;
+ 
+ 	if (cn == NULL) {
+ 		return 0;
+@@ -1573,11 +1600,26 @@
+ 		return -1;
+ 	}
+ 
+-	new_cond = cond_node_search(state->out, state->out->cond_list, cn);
++	/* create a new temporary conditional node with the booleans
++	 * mapped */
++	tmp = cond_node_create(state->base, cn);
++	if (!tmp) {
++		ERR(state->handle, "Out of memory");
++		return -1;
++	}
++
++	if (cond_node_map_bools(state, tmp)) {
++		ERR(state->handle, "Error mapping booleans");
++		return -1;
++	}
++
++	new_cond = cond_node_search(state->out, state->out->cond_list, tmp);
+ 	if (!new_cond) {
++		cond_node_destroy(tmp);
+ 		ERR(state->handle, "Out of memory!");
+ 		return -1;
+ 	}
++	cond_node_destroy(tmp);
+ 
+ 	if (cond_avrule_list_copy
+ 	    (state->out, cn->avtrue_list, &state->out->te_cond_avtab,
+@@ -2210,6 +2252,12 @@
+ 		goto cleanup;
+ 	}
+ 
++	state.boolmap = (uint32_t *)calloc(state.base->p_bools.nprim, sizeof(uint32_t));
++	if (!state.boolmap) {
++		ERR(handle, "Out of memory!");
++		goto cleanup;
++	}
++
+ 	/* order is important - types must be first */
+ 
+ 	/* copy types */
+@@ -2364,6 +2412,7 @@
+ 
+       cleanup:
+ 	free(state.typemap);
++	free(state.boolmap);
+ 	return retval;
+ }
+ 
+diff --exclude-from=exclude -N -u -r nsalibsepol/src/private.h libsepol-2.0.1/src/private.h
+--- nsalibsepol/src/private.h	2007-02-07 12:11:48.000000000 -0500
++++ libsepol-2.0.1/src/private.h	2007-03-28 14:13:02.000000000 -0400
+@@ -24,6 +24,9 @@
+ #define le64_to_cpu(x) bswap_64(x)
+ #endif
+ 
++#undef min
++#define min(a,b) (((a) < (b)) ? (a) : (b))
++
+ /* Policy compatibility information. */
+ struct policydb_compat_info {
+ 	unsigned int type;


Index: libsepol.spec
===================================================================
RCS file: /cvs/dist/rpms/libsepol/devel/libsepol.spec,v
retrieving revision 1.153
retrieving revision 1.154
diff -u -r1.153 -r1.154
--- libsepol.spec	7 Feb 2007 17:18:00 -0000	1.153
+++ libsepol.spec	28 Mar 2007 18:55:21 -0000	1.154
@@ -1,10 +1,11 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsepol
 Version: 2.0.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
+Patch: libsepol-rhat.patch
 
 Prefix: %{_prefix}
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -37,6 +38,7 @@
 
 %prep
 %setup -q
+%patch -p1 -b .rhat
 # sparc64 is an -fPIC arch, so we need to fix it here
 %ifarch sparc64
 sed -i 's/fpic/fPIC/g' src/Makefile
@@ -85,6 +87,7 @@
 /%{_lib}/libsepol.so.1
 
 %changelog
+* Wed Mar 28 2007 Dan Walsh <dwalsh at redhat.com> 2.0.1-2
 * Wed Feb 7 2007 Dan Walsh <dwalsh at redhat.com> 2.0.1-1
 - Upgrade to latest from NSA
 	* Merged libsepol segfault fix from Stephen Smalley for when

More information about the fedora-cvs-commits mailing list