
xen-changelog

[Xen-changelog] [xen-unstable] XSM: Restore policy backwards compatibili

To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] XSM: Restore policy backwards compatibility
From: Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Dec 2009 06:00:25 -0800
Delivery-date: Wed, 16 Dec 2009 06:00:42 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1260966103 0
# Node ID 91ec068176323568191f27e6c001085bd2bb242d
# Parent  f9998fedea78fb8a263a5eae8c747c76ed2fee99
XSM: Restore policy backwards compatibility

This restores backwards compatibility with older XSM policy. Policies
built with older versions of checkpolicy will once again work in Xen.

Signed-off-by : Paul Nuzzi <pjnuzzi@xxxxxxxxxxxxxx>
---
 xen/xsm/flask/ss/policydb.c |   27 +++++++++++++++++++++++----
 xen/xsm/flask/ss/policydb.h |    1 +
 2 files changed, 24 insertions(+), 4 deletions(-)

diff -r f9998fedea78 -r 91ec06817632 xen/xsm/flask/ss/policydb.c
--- a/xen/xsm/flask/ss/policydb.c       Wed Dec 16 12:20:57 2009 +0000
+++ b/xen/xsm/flask/ss/policydb.c       Wed Dec 16 12:21:43 2009 +0000
@@ -66,6 +66,7 @@ struct policydb_compat_info {
     int version;
     int sym_num;
     int ocon_num;
+    int target_type;
 };
 
 /* These need to be updated if SYM_NUM or OCON_NUM changes */
@@ -74,62 +75,80 @@ static struct policydb_compat_info polic
         .version        = POLICYDB_VERSION_BASE,
         .sym_num        = SYM_NUM - 3,
         .ocon_num       = OCON_NUM - 1,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
         .version        = POLICYDB_VERSION_BOOL,
         .sym_num        = SYM_NUM - 2,
         .ocon_num       = OCON_NUM - 1,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
         .version        = POLICYDB_VERSION_IPV6,
         .sym_num        = SYM_NUM - 2,
         .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
         .version        = POLICYDB_VERSION_NLCLASS,
         .sym_num        = SYM_NUM - 2,
         .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
         .version        = POLICYDB_VERSION_MLS,
         .sym_num        = SYM_NUM,
         .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
         .version        = POLICYDB_VERSION_AVTAB,
         .sym_num        = SYM_NUM,
         .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
        .version        = POLICYDB_VERSION_RANGETRANS,
        .sym_num        = SYM_NUM,
        .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
        .version        = POLICYDB_VERSION_POLCAP,
        .sym_num        = SYM_NUM,
        .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
        .version        = POLICYDB_VERSION_PERMISSIVE,
        .sym_num        = SYM_NUM,
        .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN_OLD,
+    },
+    {
+       .version        = POLICYDB_VERSION_BOUNDARY,
+        .sym_num        = SYM_NUM,
+        .ocon_num       = OCON_NUM_OLD,
+        .target_type    = TARGET_XEN_OLD,
     },
     {
        .version        = POLICYDB_VERSION_BOUNDARY,
        .sym_num        = SYM_NUM,
        .ocon_num       = OCON_NUM,
+        .target_type    = TARGET_XEN,
     },
 };
 
-static struct policydb_compat_info *policydb_lookup_compat(int version)
+static struct policydb_compat_info *policydb_lookup_compat(int version,
+                                                            int target)
 {
     int i;
     struct policydb_compat_info *info = NULL;
 
     for ( i = 0; i < sizeof(policydb_compat)/sizeof(*info); i++ )
     {
-        if ( policydb_compat[i].version == version )
+        if ( policydb_compat[i].version == version &&
+             policydb_compat[i].target_type == target )
         {
             info = &policydb_compat[i];
             break;
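Review bot: The new `POLICYDB_VERSION_BOUNDARY` / `TARGET_XEN_OLD` row sets `.ocon_num = OCON_NUM_OLD`, which the header hunk defines as 7 while `OCON_NUM` stays 5, so any reader that uses `info->ocon_num` as a loop bound over storage sized by `OCON_NUM` would run past that storage when an old-format policy is loaded. The consumer of `info->ocon_num` is in `policydb_read`, outside the lines shown, so this needs confirming there. If the ocontext table is sized by `OCON_NUM`, either size it by the larger count or reject non-empty entries at indexes `>= OCON_NUM` before storing them. The earlier `TARGET_XEN_OLD` rows keep `OCON_NUM` or `OCON_NUM - 1`, so a comment on the table saying why only this row needs the old count would help the next person who edits it. `policydb_lookup_compat` continues past the end of this hunk.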
@@ -1838,11 +1857,11 @@ int policydb_read(struct policydb *p, vo
          ebitmap_read(&p->permissive_map, fp) != 0 )
         goto bad;
 
-    info = policydb_lookup_compat(p->policyvers);
+    info = policydb_lookup_compat(p->policyvers, p->target_type);
     if ( !info )
     {
         printk(KERN_ERR "Flask:  unable to find policy compat info "
-               "for version %d\n", p->policyvers);
+               "for version %d target %d\n", p->policyvers, p->target_type);
         goto bad;
     }
 
diff -r f9998fedea78 -r 91ec06817632 xen/xsm/flask/ss/policydb.h
--- a/xen/xsm/flask/ss/policydb.h       Wed Dec 16 12:20:57 2009 +0000
+++ b/xen/xsm/flask/ss/policydb.h       Wed Dec 16 12:21:43 2009 +0000
@@ -181,6 +181,7 @@ struct ocontext {
 #define OCON_IOMEM   3    /* io memory */
 #define OCON_DEVICE  4    /* pci devices */
 #define OCON_NUM     5
+#define OCON_NUM_OLD 7
 
 /* The policy database */
 struct policydb {
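Review bot: `OCON_NUM_OLD` is added without a comment, and unlike `OCON_NUM` directly above it the value 7 does not follow from the `OCON_*` indexes visible in this header. Judging only from its single use in the compat table in policydb.c, it appears to describe the number of ocontext sections in policies built for the old Xen target rather than the size of any in-memory table. A comment such as `/* ocontext sections in TARGET_XEN_OLD policy images; exceeds OCON_NUM */` would make that explicit and warn against using it as an array bound. `struct policydb` begins on the last context line and continues outside the hunk.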
