From patchwork Wed Jul 26 14:25:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13328164 X-Patchwork-Delegate: plautrba@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 061CCC41513 for ; Wed, 26 Jul 2023 14:26:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233043AbjGZO0C (ORCPT ); Wed, 26 Jul 2023 10:26:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234485AbjGZO0A (ORCPT ); Wed, 26 Jul 2023 10:26:00 -0400 Received: from mail-vk1-xa2f.google.com (mail-vk1-xa2f.google.com [IPv6:2607:f8b0:4864:20::a2f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6B451B8 for ; Wed, 26 Jul 2023 07:25:58 -0700 (PDT) Received: by mail-vk1-xa2f.google.com with SMTP id 71dfb90a1353d-486487be6aeso481915e0c.1 for ; Wed, 26 Jul 2023 07:25:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1690381557; x=1690986357; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=u8XYB2wTHqEeTQIYLWcK3hZnQZBUmPmtBSTX1IvNBZY=; b=HjruF3Km6drLQBHohF9bMGENxxkvCTR/Pnyo63CSuPXpA9kFj+vGG1MlBYvWJhDkt4 4o/ejsy1svGUVb7IkaWfss+Yi8lD8ySfVoCiGkT6FCG77xv07J8vT8ZzC9HIGScaRAP4 1hZSfvEuAM20qOzxIrvwKZxYdvr4X8n8GaFAVnCWyz/NdINfvuAJSz7rNRhQIV3cUSwd HcnGNw1htX7HhormWToko1rm4iN2qDKLJGrtM3lrhuFaLczjg+eaMptk/p8JJTg2n5Mb 7AtUKarCo94s754W9IK1p4Qyf+URQMAJgB9Xvqpb0EI9d+NTZP/LwtIxR5iJqcEB4ATQ 9tuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1690381557; x=1690986357; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=u8XYB2wTHqEeTQIYLWcK3hZnQZBUmPmtBSTX1IvNBZY=; b=ioC7OeJhbbA8CvUkSy7UcZvYO9o8ha1sLrUUzvPFCaojHYSlY0AQCF6uat7Y6QdezX O/GK0qs2Be9oYgAEnf+3P9Nh6QyoskVt+y85BJ8WvUuUva6GSeAQqj8U6bBLUHebdSVL gungdUCly0Tq86FNlLuIbVwGZEJS0kWYnyY0FbOOAkTmpO/SHffBJ8CW1BET0y5wofbV f2ZZhkYHoex9nTLL+LBpi9o1UgCI8ZzO7kvhycEbyhHwWmsKu3QPr/qRyYz1S0aWqyBZ DznT/c07ZeHA3iPDLSh8JXTaYVY3Y80OO4rR/cWjkYxk1jkweenhaGHIscAqMPxY0KcE te8g== X-Gm-Message-State: ABy/qLYtsh+KxSuiIZDbbx4ug0UgeDoX6YTAEN4WAID6hYZxJ3MDzXNS A2yd3LVaWveTy1oO4GHeuuCT2817wRvFmg== X-Google-Smtp-Source: APBJJlEGWGOIJaTy6wy53sCBzQUCIPrsLRKG+601tfxDlNOFuCi+ZE0mS4vuM9Xh6g06ti+34JuD+g== X-Received: by 2002:a1f:bfd7:0:b0:486:4a16:63c6 with SMTP id p206-20020a1fbfd7000000b004864a1663c6mr868877vkf.15.1690381557309; Wed, 26 Jul 2023 07:25:57 -0700 (PDT) Received: from electric.. (c-73-172-54-2.hsd1.md.comcast.net. [73.172.54.2]) by smtp.gmail.com with ESMTPSA id z20-20020a0cf014000000b006362d4eeb6esm5066471qvk.144.2023.07.26.07.25.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 26 Jul 2023 07:25:56 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: juraj@jurajmarcin.com, James Carter Subject: [PATCH 4/8] Revert "libsepol: implement new module binary format of avrule" Date: Wed, 26 Jul 2023 10:25:45 -0400 Message-ID: <20230726142549.94685-5-jwcart2@gmail.com> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230726142549.94685-1-jwcart2@gmail.com> References: <20230726142549.94685-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org This reverts commit 11013986ac484586e50ce318f4f10c1edf39e746. Signed-off-by: James Carter --- libsepol/include/sepol/policydb/policydb.h | 3 +-- libsepol/src/policydb.c | 28 ---------------------- libsepol/src/write.c | 24 +++---------------- 3 files changed, 4 insertions(+), 51 deletions(-) diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h index 5efd0a47..528c1cad 100644 --- a/libsepol/include/sepol/policydb/policydb.h +++ b/libsepol/include/sepol/policydb/policydb.h @@ -749,10 +749,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform); #define MOD_POLICYDB_VERSION_INFINIBAND 19 #define MOD_POLICYDB_VERSION_GLBLUB 20 #define MOD_POLICYDB_VERSION_SELF_TYPETRANS 21 -#define MOD_POLICYDB_VERSION_AVRULE_FTRANS 22 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE -#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_AVRULE_FTRANS +#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_SELF_TYPETRANS #define POLICYDB_CONFIG_MLS 1 diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 37bb97a1..b15d4163 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -341,13 +341,6 @@ static const struct policydb_compat_info policydb_compat[] = { .ocon_num = OCON_IBENDPORT + 1, .target_platform = SEPOL_TARGET_SELINUX, }, - { - .type = POLICY_BASE, - .version = MOD_POLICYDB_VERSION_AVRULE_FTRANS, - .sym_num = SYM_NUM, - .ocon_num = OCON_IBENDPORT + 1, - .target_platform = SEPOL_TARGET_SELINUX, - }, { .type = POLICY_MOD, .version = MOD_POLICYDB_VERSION_BASE, @@ -474,13 +467,6 @@ static const struct policydb_compat_info policydb_compat[] = { .ocon_num = 0, .target_platform = SEPOL_TARGET_SELINUX, }, - { - .type = POLICY_MOD, - .version = MOD_POLICYDB_VERSION_AVRULE_FTRANS, - .sym_num = SYM_NUM, - .ocon_num = 0, - .target_platform = SEPOL_TARGET_SELINUX, - }, }; #if 0 @@ -3216,19 +3202,6 @@ static avrule_t *avrule_read(policydb_t * p, struct policy_file *fp) tail = cur; } - if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS && - avrule->specified & AVRULE_TRANSITION) { - rc = next_entry(buf, fp, sizeof(uint32_t)); - if (rc < 0) - goto bad; - len = le32_to_cpu(*buf); - if (len) { - rc = str_read(&avrule->object_name, fp, len); - if (rc < 0) - goto bad; - } - } - if (avrule->specified & AVRULE_XPERMS) { uint8_t buf8; size_t nel = ARRAY_SIZE(avrule->xperms->perms); @@ -3660,7 +3633,6 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, } if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && - p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS && filename_trans_rule_read(p, &decl->avrules, fp)) return -1; diff --git a/libsepol/src/write.c b/libsepol/src/write.c index d7f47c8d..68495198 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c @@ -2025,9 +2025,8 @@ static int avrule_write(policydb_t *p, avrule_t * avrule, uint32_t buf[32], len; class_perm_node_t *cur; - /* skip filename transitions if writing older version without name */ - if (p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS && - avrule->specified & AVRULE_TRANSITION && avrule->object_name) + /* skip filename transitions for now */ + if (avrule->specified & AVRULE_TRANSITION && avrule->object_name) return POLICYDB_SUCCESS; if (p->policyvers < MOD_POLICYDB_VERSION_SELF_TYPETRANS && @@ -2074,21 +2073,6 @@ static int avrule_write(policydb_t *p, avrule_t * avrule, cur = cur->next; } - if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS && - avrule->specified & AVRULE_TRANSITION) { - len = avrule->object_name ? strlen(avrule->object_name) : 0; - *buf = cpu_to_le32(len); - items = put_entry(buf, sizeof(uint32_t), 1, fp); - if (items != 1) - return POLICYDB_ERROR; - if (avrule->object_name) { - items = put_entry(avrule->object_name, sizeof(char), - len, fp); - if (items != len) - return POLICYDB_ERROR; - } - } - if (avrule->specified & AVRULE_XPERMS) { size_t nel = ARRAY_SIZE(avrule->xperms->perms); uint32_t buf32[nel]; @@ -2138,8 +2122,7 @@ static int avrule_write_list(policydb_t *p, avrule_t * avrules, avrule = avrules; len = 0; while (avrule) { - if (p->policyvers >= MOD_POLICYDB_VERSION_AVRULE_FTRANS || - !(avrule->specified & AVRULE_TRANSITION && + if (!(avrule->specified & AVRULE_TRANSITION && avrule->object_name)) len++; avrule = avrule->next; @@ -2374,7 +2357,6 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms, } if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS && - p->policyvers < MOD_POLICYDB_VERSION_AVRULE_FTRANS && filename_trans_rule_write(p, decl->avrules, fp)) return POLICYDB_ERROR;