From ef7a7fd7b7127cc2a2448c1a71dabd694041273f899d16a9e661f4271c628bc1 Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Thu, 25 Oct 2012 15:13:21 +0000
Subject: [PATCH] Accepting request 139269 from home:vitezslav_cizek:branches:security:SELinux
- skip roles which are out of scope when expanding attributes
- needed for building selinux-policy
OBS-URL: https://build.opensuse.org/request/show/139269
OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=31
---
libsepol-2.1.4-role_fix_callback.patch | 42 ++++++++++++++++++++++++++
libsepol.changes | 6 ++++
libsepol.spec | 2 ++
3 files changed, 50 insertions(+)
create mode 100644 libsepol-2.1.4-role_fix_callback.patch
diff --git a/libsepol-2.1.4-role_fix_callback.patch b/libsepol-2.1.4-role_fix_callback.patch
new file mode 100644
index 0000000..c73a34a
--- /dev/null
+++ b/libsepol-2.1.4-role_fix_callback.patch
@@ -0,0 +1,42 @@
+From: Harry Ciao
+To:
+Subject: [v1 PATCH 1/1] role_fix_callback skips out-of-scope roles during
+ expansion.
+Date: Sat, 25 Feb 2012 09:40:08 +0800
+Message-ID: <1330134008-3259-1-git-send-email-qingtao.cao@windriver.com>
+X-Mailer: git-send-email 1.7.0.4
+MIME-Version: 1.0
+Content-Type: text/plain
+Sender: owner-selinux@tycho.nsa.gov
+Precedence: bulk
+X-Mailing-List: selinux-tycho.nsa.gov
+Content-Transfer-Encoding: 8bit
+
+If a role identifier is out of scope it would be skipped over during
+expansion, accordingly, be it a role attribute, it should be skipped
+over as well when role_fix_callback tries to propagate its capability
+to all its sub-roles.
+
+Signed-off-by: Harry Ciao
+---
+ libsepol/src/expand.c | 5 +++++
+ 1 files changed, 5 insertions(+), 0 deletions(-)
+
+diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
+index 493e478..befb720 100644
+--- libsepol/src/expand.c
++++ libsepol/src/expand.c
+@@ -688,6 +688,11 @@ static int role_fix_callback(hashtab_key_t key, hashtab_datum_t datum,
+ return 0;
+ }
+
++ if (!is_id_enabled(id, state->base, SYM_ROLES)) {
++ /* identifier's scope is not enabled */
++ return 0;
++ }
++
+ if (role->flavor != ROLE_ATTRIB)
+ return 0;
+
+--
+1.7.0.4
diff --git a/libsepol.changes b/libsepol.changes
index f9be9cb..40109d7 100644
--- a/libsepol.changes
+++ b/libsepol.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Oct 25 10:47:00 UTC 2012 - vcizek@suse.com
+
+- skip roles which are out of scope when expanding attributes
+- needed for building selinux-policy
+
 -------------------------------------------------------------------
 Wed Jul 25 11:16:59 UTC 2012 - meissner@suse.com
 
diff --git a/libsepol.spec b/libsepol.spec
index 4005a71..10ae7e2 100644
--- a/libsepol.spec
+++ b/libsepol.spec
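Review bot: The comment on the added guard in role_fix_callback, `/* identifier's scope is not enabled */`, says what is tested but not why returning 0 is correct, and that reason lives only in the patch mail above the diff. I would carry it into the code, e.g. `/* Out-of-scope roles are skipped during expansion, so an out-of-scope attribute has nothing to propagate to its sub-roles. */`. Because the early return changes which role attributes contribute to the expanded policy, a selinux-policy build with and without the patch should be compared to confirm that roles in enabled scopes keep the same authorizations; the hunk alone cannot show that. The body of role_fix_callback starts above and continues below the quoted context.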
@@ -25,6 +25,7 @@ License: LGPL-2.1+
 Group: System/Libraries
 Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
 Source2: baselibs.conf
+Patch: libsepol-2.1.4-role_fix_callback.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: pkg-config
 %define debug_package_requires libsepol1 = %{version}-%{release}
@@ -99,6 +100,7 @@ policies.
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 make %{?_smp_mflags} CC="%{__cc}" CFLAGS="$RPM_OPT_FLAGS"
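Review bot: The new `Patch:` line has no provenance comment, so the spec does not record that libsepol-2.1.4-role_fix_callback.patch is a v1 mailing-list patch to expand.c dated 2012-02-25, nor whether upstream merged it. For a locally carried change to the policy library that matters at the next rebase, when someone has to decide whether to drop or refresh it. Add the openSUSE patch tag above the line, e.g. `# PATCH-FIX-UPSTREAM libsepol-2.1.4-role_fix_callback.patch <bug-id-placeholder> -- skip out-of-scope roles in role_fix_callback`, using whichever tag matches its actual upstream status. Numbering the entry (`Patch0:` here, `%patch0 -p1` in the second hunk) would also keep the pairing unambiguous once a second patch is added.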