@@ -31,7 +31,6 @@
#include <sepol/policydb/sidtab.h>
#include "queue.h"
-#include "checkpolicy.h"
#include "parse_util.h"
static sidtab_t sidtab;
@@ -43,9 +42,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
static const char *txtfile = "policy.conf";
static const char *binfile = "policy";
-static unsigned int policy_type = POLICY_BASE;
-unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
-
static int read_binary_policy(policydb_t * p, const char *file, const char *progname)
{
int fd;
@@ -107,7 +103,7 @@ static int read_binary_policy(policydb_t * p, const char *file, const char *prog
return 0;
}
-static int write_binary_policy(policydb_t * p, FILE *outfp)
+static int write_binary_policy(policydb_t * p, FILE *outfp, unsigned int policy_type, unsigned int policyvers)
{
struct policy_file pf;
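Review bot: The two parameters added to write_binary_policy() duplicate state that main() already stores in the same policydb (`modpolicydb.policy_type = policy_type;` and the new `modpolicydb.policyvers = policyvers;` in the @@ -279 hunk), so the call in the @@ -343 hunk hands over each value twice. The body lies outside this hunk, so it is not visible whether it still needs them to overwrite what parsing left in `p`. If it does, a comment above the signature such as `/* policy_type and policyvers are re-applied to p before writing; they must equal the values set before parsing */` would make that contract explicit. If it does not, keeping the two-argument form and reading `p->policy_type` and `p->policyvers` leaves a single source of truth for the version stamped into the binary module.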
@@ -150,6 +146,8 @@ int main(int argc, char **argv)
{
const char *file = txtfile, *outfile = NULL;
unsigned int binary = 0, cil = 0, disable_neverallow = 0;
+ unsigned int policy_type = POLICY_BASE;
+ unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
int ch;
int show_version = 0;
policydb_t modpolicydb;
@@ -279,6 +277,7 @@ int main(int argc, char **argv)
modpolicydb.policy_type = policy_type;
modpolicydb.mls = mlspol;
modpolicydb.handle_unknown = handle_unknown;
+ modpolicydb.policyvers = policyvers;
if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
exit(1);
@@ -343,7 +342,7 @@ int main(int argc, char **argv)
}
if (!cil) {
- if (write_binary_policy(&modpolicydb, outfp) != 0) {
+ if (write_binary_policy(&modpolicydb, outfp, policy_type, policyvers) != 0) {
fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
exit(1);
}
@@ -89,7 +89,6 @@
#include <sepol/policydb/link.h>
#include "queue.h"
-#include "checkpolicy.h"
#include "parse_util.h"
static policydb_t policydb;
@@ -103,8 +102,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
static const char *txtfile = "policy.conf";
static const char *binfile = "policy";
-unsigned int policyvers = 0;
-
static __attribute__((__noreturn__)) void usage(const char *progname)
{
printf
@@ -395,6 +392,7 @@ int main(int argc, char **argv)
unsigned int binary = 0, debug = 0, sort = 0, cil = 0, conf = 0, optimize = 0, disable_neverallow = 0;
struct val_to_name v;
int ret, ch, fd, target = SEPOL_TARGET_SELINUX;
+ unsigned int policyvers = 0;
unsigned int nel, uret;
struct stat sb;
void *map;
@@ -613,6 +611,7 @@ int main(int argc, char **argv)
/* Let sepol know if we are dealing with MLS support */
parse_policy.mls = mlspol;
parse_policy.handle_unknown = handle_unknown;
+ parse_policy.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
policydbp = &parse_policy;
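Review bot: The fallback `policyvers ? policyvers : POLICYDB_VERSION_MAX` is now spelled out twice, here for parse_policy and again for policydb in the @@ -637 hunk, so a later change to the default has to be made in both places or the parsed and the expanded policy will disagree on version. Resolving it once in main() would avoid that, for example `const unsigned int effective_vers = policyvers ? policyvers : POLICYDB_VERSION_MAX;`, with both assignments using `effective_vers`. A separate local is suggested rather than overwriting `policyvers`, because main() continues outside these hunks and may still rely on 0 meaning "not given on the command line".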
@@ -637,11 +636,10 @@ int main(int argc, char **argv)
fprintf(stderr, "Error while expanding policy\n");
exit(1);
}
+ policydb.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
policydb_destroy(policydbp);
policydbp = &policydb;
}
-
- policydbp->policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
}
if (policydb_load_isids(&policydb, &sidtab))
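Review bot: With the trailing `policydbp->policyvers = ...` assignment removed, any path that skips this expand block ends with whatever version parse_policy holds after parsing. That matches the value assigned in the @@ -613 hunk only if nothing in between rewrites the field, which is likely the intent but cannot be confirmed from the visible lines. A comment at the new assignment would record why it is still needed on this branch, e.g. `/* policydb is a separate structure from parse_policy; carry the requested version over explicitly */`. The enclosing block in main() starts outside the hunk.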
deleted file mode 100644
@@ -1,6 +0,0 @@
-#ifndef _CHECKPOLICY_H_
-#define _CHECKPOLICY_H_
-
-extern unsigned int policyvers;
-
-#endif
@@ -200,6 +200,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
parsepolicydb.policy_type = POLICY_BASE;
parsepolicydb.mls = mls;
parsepolicydb.handle_unknown = DENY_UNKNOWN;
+ parsepolicydb.policyvers = policyvers;
policydb_set_target_platform(&parsepolicydb, platform);
if (read_source_policy(&parsepolicydb, data, size))
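Review bot: `policyvers` is declared and assigned outside this hunk, and with this line it starts steering the parser on every fuzz input, so its range now matters for what the harness exercises. If the value is derived from the input bytes, it is worth confirming that it is bounded to POLICYDB_VERSION_MIN..POLICYDB_VERSION_MAX before this assignment, since an out-of-range version would mostly test rejection paths or states the tools never produce. A one-line comment here, e.g. `/* policyvers was range-checked against POLICYDB_VERSION_MIN/MAX above */`, would tie the assignment to that check.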
@@ -55,7 +55,6 @@
#include <sepol/policydb/hierarchy.h>
#include <sepol/policydb/polcaps.h>
#include "queue.h"
-#include "checkpolicy.h"
#include "module_compiler.h"
#include "policy_define.h"
@@ -49,7 +49,6 @@
#include <sepol/policydb/hierarchy.h>
#include <sepol/policydb/polcaps.h>
#include "queue.h"
-#include "checkpolicy.h"
#include "module_compiler.h"
#include "policy_define.h"