changeset 7838:ac651c812282
2131 checkpolicy produces different policy files on x86 & SPARC
author | John Weeks <john.weeks@sun.com> |
---|---|
date | Tue, 03 Jun 2008 17:45:24 -0700 |
parents | 1bcc760f39e0 |
children | 80a7460aad87 |
files | usr/src/cmd/fmac/checkpolicy/policy_parse.y usr/src/cmd/fmac/checkpolicy/policy_scan.l usr/src/cmd/fmac/checkpolicy/write.c usr/src/common/fmac/ss/policydb.c |
diffstat | 4 files changed, 37 insertions(+), 15 deletions(-) [+] |
--- a/usr/src/cmd/fmac/checkpolicy/policy_parse.y Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/cmd/fmac/checkpolicy/policy_parse.y Tue Jun 03 17:45:24 2008 -0700
@@ -21,6 +21,11 @@
 */
 /*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
 * Original files contributed to OpenSolaris.org under license by the
 * United States Government (NSA) to Sun Microsystems, Inc.
 */
@@ -34,7 +39,10 @@
 #include "queue.h"
 #include <sys/fmac/av_inherit.h>
 #include <sys/fmac/security.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 #include <netinet/in.h>
+#include <arpa/inet.h>
 #include "checkpolicy.h"
 #include <stdint.h>
 #include <stdio.h>
@@ -135,6 +143,7 @@
 %token IDENTIFIER
 %token USER_IDENTIFIER
 %token NUMBER
+%token IPV4ADDRESS
 %token EQUALS
 %token NOTEQUAL
@@ -498,16 +507,14 @@
 | GENFSCON identifier path security_context_def
 {if (define_genfs_context(0)) return -1;}
 ;
-ipv4_addr_def : number '.' number '.' number '.' number
+ipv4_addr_def : IPV4ADDRESS
 {
- unsigned int addr;
- unsigned char *p = ((unsigned char *)&addr);
-
- p[0] = $1 & 0xff;
- p[1] = $3 & 0xff;
- p[2] = $5 & 0xff;
- p[3] = $7 & 0xff;
- $$ = addr;
+ in_addr_t addr;
+ if (inet_pton(AF_INET, yytext, &addr) != 1) {
+ yyerror("invalid IPv4 address");
+ return -1;
+ }
+ $$ = addr; /* network order */
 }
 ;
 security_context_def : user_id ':' identifier ':' identifier opt_mls_range_def
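Review bot: The new `ipv4_addr_def` action reads `yytext` directly, which holds the IPV4ADDRESS text only if the parser reduces this rule before asking the scanner for another token; if a lookahead were ever needed at this point, `inet_pton` would be handed the following token instead. The surrounding grammar is outside the hunk, so whether that can happen today cannot be confirmed from here. I would at least record the assumption above the `inet_pton` call with `/* yytext must still be the IPV4ADDRESS token: no lookahead before this reduction */`, or have the scanner pass the matched text through the token's semantic value. With the old `& 0xff` masking gone, the `!= 1` check is the only range validation on the address, so it must not be relaxed later.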
--- a/usr/src/cmd/fmac/checkpolicy/policy_scan.l Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/cmd/fmac/checkpolicy/policy_scan.l Tue Jun 03 17:45:24 2008 -0700
@@ -23,6 +23,11 @@
 */
 /*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
 * Original files contributed to OpenSolaris.org under license by the
 * United States Government (NSA) to Sun Microsystems, Inc.
 */
@@ -47,8 +52,10 @@
 %p 12500
 %a 10000
 %n 2500
-letter [A-Za-z]
-digit [0-9]
+letter [A-Za-z]
+digit [0-9]
+octet ({digit}{1,3})
+ipv4address {octet}((\.{octet}){3})
 %%
 \n.* { strncpy(linebuf[lno], yytext+1, 255);
 linebuf[lno][254] = 0;
@@ -161,6 +168,7 @@
 {letter}({letter}|{digit}|_)* { return(IDENTIFIER); }
 {letter}({letter}|{digit}|_|"."|"-")* { return(USER_IDENTIFIER); }
 {digit}{digit}* { return(NUMBER); }
+{ipv4address} { return(IPV4ADDRESS); }
 #[^\n]* { /* delete comments */ }
 [ \t\f]+ { /* delete whitespace */ }
 "==" { return(EQUALS); }
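Review bot: The `octet` definition (`{digit}{1,3}`) accepts values such as 256 or 999, so the scanner returns IPV4ADDRESS for strings that are not valid addresses, and the only rejection is the `inet_pton` check in policy_parse.y. That division of work is reasonable but is not visible from this file. A comment beside the definitions, e.g. `/* octet range (0-255) is not checked here; the parser validates with inet_pton() */`, would keep the token from being reused elsewhere without validation. The `{ipv4address}` rule added in the last hunk sits after `{digit}{digit}*` and relies on lex's longest-match behaviour to win over NUMBER, which the same comment could mention.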
--- a/usr/src/cmd/fmac/checkpolicy/write.c Fri May 02 19:07:02 2008 -0700
+++ b/usr/src/cmd/fmac/checkpolicy/write.c Tue Jun 03 17:45:24 2008 -0700
@@ -20,6 +20,11 @@
 */
 /*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*
 * Original files contributed to OpenSolaris.org under license by the
 * United States Government (NSA) to Sun Microsystems, Inc.
 */
@@ -735,8 +740,9 @@
 return (-1);
 break;
 case OCON_NODE:
- buf[0] = SS_CPU_TO_LE32(c->u.node.addr);
- buf[1] = SS_CPU_TO_LE32(c->u.node.mask);
+ /* store in network order */
+ buf[0] = c->u.node.addr;
+ buf[1] = c->u.node.mask;
 items = fwrite(buf, sizeof (uint32_t), 2, fp);
 if (items != 2)
 return (-1);
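Review bot: `buf[0]` and `buf[1]` in the OCON_NODE case are now written without any byte-order conversion, so correctness depends on `c->u.node.addr` and `c->u.node.mask` already being in network order in memory, and the new comment does not say where that is guaranteed. I would spell it out: `/* addr and mask are held in network order (set via inet_pton in policy_parse.y); write them unconverted */`. The removed `SS_CPU_TO_LE32` calls suggest the remaining fields are still little-endian on disk, which would make these two the exception in the format; that is worth stating for anyone writing another reader. The case body starts and ends outside the hunk.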
--- a/usr/src/common/fmac/ss/policydb.c Fri May 02 19:07:02 2008 -0700 +++ b/usr/src/common/fmac/ss/policydb.c Tue Jun 03 17:45:24 2008 -0700 @@ -1237,8 +1237,9 @@ fp); if (items != 2) goto bad; - c->u.node.addr = SS_LE32_TO_CPU(buf[0]); - c->u.node.mask = SS_LE32_TO_CPU(buf[1]); + /* addr and mask stored in network order */ + c->u.node.addr = buf[0]; + c->u.node.mask = buf[1]; if (context_read_and_validate(&c->context[0], p, fp)) goto bad;
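Review bot: The node `addr` and `mask` are now taken from `buf[0]` and `buf[1]` as-is, so a policy binary written by the previous checkpolicy on a big-endian host (where `SS_CPU_TO_LE32` presumably swapped the bytes) would load without error but with byte-reversed addresses and masks. Node rules would then apply to the wrong hosts. Nothing in this hunk distinguishes old files from new ones; if a format version check exists, it is outside the visible lines. At minimum the comment should carry the consequence, e.g. `/* addr and mask are in network order; binaries from older big-endian checkpolicy stored them swapped and must be rebuilt */`. The enclosing function begins and ends outside the hunk.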