From: Gary Tierney <gary.tierney@gmx.com>
To: selinux@tycho.nsa.gov
Subject: Re: [PATCH 1/1] libsepol/cil: create user and role caches when building binary policy
Date: Mon, 3 Oct 2016 12:06:45 +0100
Message-ID: <20161003110645.GA4599@workstation.home>
In-Reply-To: <ee13bc88daffcc4d136ed0d41ca8348ca3c16e36.1475491349.git.gary.tierney@gmx.com>

On Mon, Oct 03, 2016 at 11:46:19AM +0100, Gary Tierney wrote:
> Pre-expands the role and user caches used in context validation when
> converting a cildb to a binary policydb.  This is currently only done
> when loading a binary policy and prevents context validation from
> working correctly with a newly built policy (i.e., when semanage builds
> a new policy and then runs genhomedircon).
> 
> Also adds declarations for the hashtable mapping functions used:
> policydb_role_cache and policydb_user_cache().
> 
> Signed-off-by: Gary Tierney <gary.tierney@gmx.com>
> ---
>  libsepol/cil/src/cil_binary.c              | 7 +++++++
>  libsepol/include/sepol/policydb/policydb.h | 8 ++++++++
>  2 files changed, 15 insertions(+)
> 
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index cc73648..200101e 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -4794,6 +4794,13 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p
>  
>  	}
>  
> +	/* This pre-expands the roles and users for context validity checking */
> +	if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb))
> +		return -1;
> +
> +	if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb))
> +		return -1;
> +
>  	rc = SEPOL_OK;
>  
>  exit:
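
Review bot: The two new `return -1;` statements after the `hashtab_map()` calls leave the function without passing through the `exit:` label that sits a few lines below, so whatever cleanup the function performs there is skipped when either cache build fails. Set the return code and jump instead, e.g. `rc = SEPOL_ERR; goto exit;`, which also keeps the error value in the same `SEPOL_*` vocabulary as the `rc = SEPOL_OK;` line that follows. Since a failure here leaves the policydb without the caches that context validation relies on, it would also help to log which of the two maps failed before bailing out.
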
> diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
> index 26cec13..d99fcf4 100644
> --- a/libsepol/include/sepol/policydb/policydb.h
> +++ b/libsepol/include/sepol/policydb/policydb.h
> @@ -608,6 +608,14 @@ extern int policydb_index_bools(policydb_t * p);
>  extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p,
>  				 unsigned int verbose);
>  
> +extern int policydb_role_cache(hashtab_key_t key,
> +			       hashtab_datum_t datum,
> +			       void *arg);
> +
> +extern int policydb_user_cache(hashtab_key_t key,
> +			       hashtab_datum_t datum,
> +			       void *arg);
> +
>  extern int policydb_reindex_users(policydb_t * p);
>  
>  extern void policydb_destroy(policydb_t * p);
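
Review bot: The new `policydb_role_cache` and `policydb_user_cache` prototypes are added to the header with no comment, and nothing in the signature tells a caller what `void *arg` has to be. The only usage visible in this patch passes `pdb` through `hashtab_map()`, so a short comment stating that these are `hashtab_map()` callbacks, that `arg` must point to the policydb being populated, and what a non-zero return means would prevent a caller from passing the wrong object. One comment above the pair is enough.
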
> -- 
> 2.4.11
> 

Ah, that return should be a goto.  Sending a v2.

-- 
Gary Tierney

GPG fingerprint: 412C 0EF9 C305 68E6 B660  BDAF 706E D765 85AA 79D8
https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8
