
xen-changelog

[Xen-changelog] [xen-unstable] [security] When building the binary polic

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] [security] When building the binary policy align its contents the same way as the
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Apr 2007 17:40:09 -0700
Delivery-date: Thu, 19 Apr 2007 17:39:33 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir@xxxxxxxxxxxxx>
# Date 1177007359 -3600
# Node ID 186e2cf99bbbc4d953decf1d8581fdc410f8d495
# Parent  438f3a016fd804b17a1ee869c5196d092613a780
[security] When building the binary policy, align its contents the same way as
the ACM module does when returning its contents.
Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxx>
---
 tools/security/secpol_tool.c    |   12 +++------
 tools/security/secpol_xml2bin.c |   53 ++++++++++++++++++++++++++--------------
 2 files changed, 39 insertions(+), 26 deletions(-)

diff -r 438f3a016fd8 -r 186e2cf99bbb tools/security/secpol_tool.c
--- a/tools/security/secpol_tool.c      Thu Apr 19 19:22:12 2007 +0100
+++ b/tools/security/secpol_tool.c      Thu Apr 19 19:29:19 2007 +0100
@@ -42,8 +42,6 @@
 #define PERROR(_m, _a...) \
 fprintf(stderr, "ERROR: " _m " (%d = %s)\n" , ## _a ,  \
                 errno, strerror(errno))
-
-#define ALIGN8(x)  (void *)(((long)(x) + 7) & ~7)
 
 void usage(char *progname)
 {
@@ -192,15 +190,14 @@ void acm_dump_policy_buffer(void *buf, i
            ntohl(pol->secondary_buffer_offset));
     switch (ntohl(pol->primary_policy_code)) {
     case ACM_CHINESE_WALL_POLICY:
-        acm_dump_chinesewall_buffer(ALIGN8(buf +
-                                     ntohl(pol->primary_buffer_offset)),
+        acm_dump_chinesewall_buffer(buf + ntohl(pol->primary_buffer_offset),
                                     ntohl(pol->len) -
                                     ntohl(pol->primary_buffer_offset),
                                     chwall_ref);
         break;
 
     case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
-        acm_dump_ste_buffer(ALIGN8(buf + ntohl(pol->primary_buffer_offset)),
+        acm_dump_ste_buffer(buf + ntohl(pol->primary_buffer_offset),
                             ntohl(pol->len) -
                             ntohl(pol->primary_buffer_offset),
                             ste_ref);
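Review bot: The length handed to each dump helper, `ntohl(pol->len) - ntohl(pol->primary_buffer_offset)`, is computed from header fields with no visible check that the offset is at most `pol->len` or the size of the caller's buffer, so a truncated or corrupted policy makes the subtraction wrap and `buf + offset` point outside the buffer. With `ALIGN8` removed, the dump also relies entirely on the producer having padded every section. A guard before the switch, e.g. `if (ntohl(pol->primary_buffer_offset) > ntohl(pol->len)) return;`, and the same for `secondary_buffer_offset` in the following hunk, would keep the tool from reading past a bad policy. acm_dump_policy_buffer begins and ends outside these hunks, so an earlier check may already exist.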
@@ -216,15 +213,14 @@ void acm_dump_policy_buffer(void *buf, i
 
     switch (ntohl(pol->secondary_policy_code)) {
     case ACM_CHINESE_WALL_POLICY:
-        acm_dump_chinesewall_buffer(ALIGN8(buf +
-                                     ntohl(pol->secondary_buffer_offset)),
+        acm_dump_chinesewall_buffer(buf + ntohl(pol->secondary_buffer_offset),
                                     ntohl(pol->len) -
                                     ntohl(pol->secondary_buffer_offset),
                                     chwall_ref);
         break;
 
     case ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY:
-        acm_dump_ste_buffer(ALIGN8(buf + ntohl(pol->secondary_buffer_offset)),
+        acm_dump_ste_buffer(buf + ntohl(pol->secondary_buffer_offset),
                             ntohl(pol->len) -
                             ntohl(pol->secondary_buffer_offset),
                             ste_ref);
diff -r 438f3a016fd8 -r 186e2cf99bbb tools/security/secpol_xml2bin.c
--- a/tools/security/secpol_xml2bin.c   Thu Apr 19 19:22:12 2007 +0100
+++ b/tools/security/secpol_xml2bin.c   Thu Apr 19 19:29:19 2007 +0100
@@ -46,6 +46,8 @@
 
 #define NULL_LABEL_NAME "__NULL_LABEL__"
 
+#define ROUND8(x)   ((x + 7) & ~7)
+
 /* primary / secondary policy component setting */
 enum policycomponent { CHWALL, STE, NULLPOLICY }
     primary = NULLPOLICY, secondary = NULLPOLICY;
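Review bot: `ROUND8` uses its argument unparenthesized, so an expression argument such as `a | b` would bind wrongly against `+ 7`; `#define ROUND8(x)   (((x) + 7) & ~7)` is the safe form. The mask `~7` is an `int`, which works for the `sizeof` and length operands used in this patch. A one-line comment saying that the macro rounds up to the next multiple of 8 to match the ACM module's layout would document the intent.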
@@ -1152,6 +1154,19 @@ unsigned char *write_ste_binary(u_int32_
     return buf;                 /* for now */
 }
 
+static ssize_t write_padded(int fd, const void *buf, size_t count)
+{
+    int rc;
+    static const char padding[7] = {0,0,0,0,0,0,0};
+    unsigned int len = ROUND8(count) - count;
+
+    rc = write(fd, buf, count);
+    if (rc == count && len > 0) {
+        write(fd, padding, len);
+    }
+    return rc;
+}
+
 int write_binary(char *filename)
 {
     struct acm_policy_buffer header;
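Review bot: In `write_padded` the result of the padding `write(fd, padding, len)` is discarded, so a failed or short padding write still returns `count`. Every caller in `write_binary` (the `!= len_pr`, `!= len_chwall` and `!= len_ste` checks in the later hunks) then treats the section as written, while the next section lands at an offset that no longer matches the header. Checking it, e.g. `if (rc == count && len > 0 && write(fd, padding, len) != len) return -1;`, closes that gap. `rc` should also be `ssize_t` rather than `int` to match `write()` and the function's return type, with a cast in the `rc == count` comparison to avoid the signed/unsigned mix. write_binary's body continues outside this hunk.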
@@ -1183,35 +1198,37 @@ int write_binary(char *filename)
     header.xml_pol_version.major = htonl(major);
     header.xml_pol_version.minor = htonl(minor);
 
-    len = sizeof(struct acm_policy_buffer);
+    len = ROUND8(sizeof(struct acm_policy_buffer));
     if (have_chwall)
-        len += len_chwall;
+        len += ROUND8(len_chwall);
     if (have_ste)
-        len += len_ste;
-    len += len_pr;              /* policy reference is mandatory */
+        len += ROUND8(len_ste);
+    len += ROUND8(len_pr);           /* policy reference is mandatory */
     header.len = htonl(len);
 
     header.policy_reference_offset =
-        htonl(sizeof(struct acm_policy_buffer));
+        htonl(ROUND8(sizeof(struct acm_policy_buffer)));
 
     header.primary_buffer_offset =
-        htonl(sizeof(struct acm_policy_buffer) + len_pr);
+        htonl(ROUND8(sizeof(struct acm_policy_buffer)) +
+              ROUND8(len_pr));
     if (primary == CHWALL) {
         header.primary_policy_code = htonl(ACM_CHINESE_WALL_POLICY);
         header.secondary_buffer_offset =
-            htonl((sizeof(struct acm_policy_buffer)) + len_pr +
-                  len_chwall);
+            htonl(ROUND8(sizeof(struct acm_policy_buffer)) +
+                  ROUND8(len_pr) +
+                  ROUND8(len_chwall));
     } else if (primary == STE) {
         header.primary_policy_code =
             htonl(ACM_SIMPLE_TYPE_ENFORCEMENT_POLICY);
         header.secondary_buffer_offset =
-            htonl((sizeof(struct acm_policy_buffer)) + len_pr +
-                  len_ste);
+            htonl(ROUND8(sizeof(struct acm_policy_buffer)) +
+                  ROUND8(len_pr) +
+                  ROUND8(len_ste));
     } else {
         /* null policy */
         header.primary_policy_code = htonl(ACM_NULL_POLICY);
-        header.secondary_buffer_offset =
-            htonl(header.primary_buffer_offset);
+        header.secondary_buffer_offset = header.primary_buffer_offset;
     }
 
     if (secondary == CHWALL)
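Review bot: The sum `ROUND8(sizeof(struct acm_policy_buffer)) + ROUND8(len_pr)` is now spelled out three times in `write_binary`, and again piecewise in `len`, so the header offsets and the padding that `write_padded` emits can drift apart on a later edit. Computing it once, e.g. `u_int32_t pr_off = ROUND8(sizeof(struct acm_policy_buffer));` and `u_int32_t prim_off = pr_off + ROUND8(len_pr);`, and deriving `header.len` and the offset fields from those keeps the layout in one place. A short comment above the block listing the on-disk order (header, policy reference, primary, secondary, each padded to 8 bytes) would help whoever next compares this against the ACM module. write_binary starts and ends outside this hunk.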
@@ -1222,25 +1239,25 @@ int write_binary(char *filename)
     else
         header.secondary_policy_code = htonl(ACM_NULL_POLICY);
 
-    if (write(fd, (void *) &header, sizeof(struct acm_policy_buffer))
+    if (write_padded(fd, (void *) &header, sizeof(struct acm_policy_buffer))
         != sizeof(struct acm_policy_buffer)) {
         ret = -EIO;
         goto out1;
     }
 
     /* write label reference name */
-    if (write(fd, policy_reference_buffer, len_pr) != len_pr) {
+    if (write_padded(fd, policy_reference_buffer, len_pr) != len_pr) {
         ret = -EIO;
         goto out1;
     }
     /* write primary policy component */
     if (primary == CHWALL) {
-        if (write(fd, chwall_buffer, len_chwall) != len_chwall) {
+        if (write_padded(fd, chwall_buffer, len_chwall) != len_chwall) {
             ret = -EIO;
             goto out1;
         }
     } else if (primary == STE) {
-        if (write(fd, ste_buffer, len_ste) != len_ste) {
+        if (write_padded(fd, ste_buffer, len_ste) != len_ste) {
             ret = -EIO;
             goto out1;
         }
@@ -1248,12 +1265,12 @@ int write_binary(char *filename)
 
     /* write secondary policy component */
     if (secondary == CHWALL) {
-        if (write(fd, chwall_buffer, len_chwall) != len_chwall) {
+        if (write_padded(fd, chwall_buffer, len_chwall) != len_chwall) {
             ret = -EIO;
             goto out1;
         }
     } else if (secondary == STE) {
-        if (write(fd, ste_buffer, len_ste) != len_ste) {
+        if (write_padded(fd, ste_buffer, len_ste) != len_ste) {
             ret = -EIO;
             goto out1;
         }
