[ SEMANAGE ] More work on policy_components.c

[ SEMANAGE ] More work on policy_components.c

[Ivan Gyurdiev]

[-- Attachment #1: Type: text/plain, Size: 1379 bytes --]

This patch makes the commit function shorter, and more intelligent, and 
implements a lot more of the "merge into base" function (but not all of 
it). It also adds comments in database.h about the behavior of the 
add(), modify(), and iterate() functions.

Note how I can loop over the components, and not care about the details 
(what's being loaded, what backend is it coming from, or going to).  
That's why I can implement one load handler, and not 5 of them 
(multiplied by the number of source and target backends). So, despite 
what Tresys says, I think I'll keep my method tables around, since I 
like them very much - oop is your friend.

Note the FIXME on the key that's supposed to be passed into modify - 
that indicates an interface flaw. I could easily hardcode the right 
key_extract function into the load_table...but I shouldn't have to do 
this. What really needs to be done is to add a function into the 
database interface that allows me to retrieve the record table that the 
database is using. Since I'm not sure what I'll do about keys, leave 
this out for now - I'll get back to it a bit later.

Once this detail is fixed, I can add attach/detach calls in commit for 
the policydb database(s), and this whole system should (in theory) work 
(minus the functions that are stubbed, or unimplemented). Of course, 
after that I'd need to carefully test it..


[-- Attachment #2: libsemanage.dbase_components.diff --]
[-- Type: text/x-patch, Size: 6458 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/database.h new/libsemanage/src/database.h
--- old/libsemanage/src/database.h	2005-10-06 15:22:48.000000000 -0400
+++ new/libsemanage/src/database.h	2005-10-19 21:00:36.000000000 -0400
@@ -45,12 +45,20 @@ typedef struct record_table {
 /* DBASE interface - method table */
 typedef struct dbase_table {
 
+	/* Add the specified record to
+	 * the database if it is not present,
+	 * or fail if it already exists */
+
 	int (*add) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
 		record_key_t* key,
 		record_t* data);
 
+	/* Add the specified record to the  
+	 * database if it not present. 
+	 * If it's present, replace it */
+
 	int (*modify) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
@@ -79,6 +87,12 @@ typedef struct dbase_table {
 		dbase_t* dbase,
 		int* response);
 
+	/* Execute the specified handler over 
+	 * the records of this database. The handler
+	 * can signal a successful exit by returning 1,
+	 * an error exit by returning -1, and continue by
+	 * returning 0 */
+
 	int (*iterate) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/policy_components.c new/libsemanage/src/policy_components.c
--- old/libsemanage/src/policy_components.c	2005-10-19 20:07:11.000000000 -0400
+++ new/libsemanage/src/policy_components.c	2005-10-19 20:54:20.000000000 -0400
@@ -4,85 +4,128 @@
 #include "modules.h"
 #include "debug.h"
 
-int semanage_base_merge_components(
-	semanage_handle_t* handle) {
-
-	//dbase_config_t* modules = dbase_modules_dbase(handle);
-	dbase_config_t* interfaces = semanage_iface_dbase_local(handle);
-	dbase_config_t* booleans = semanage_bool_dbase_local(handle);
-	dbase_config_t* users = semanage_user_dbase_local(handle);
-	dbase_config_t* ports = semanage_port_dbase_local(handle);
+#define MODE_SET    1
+#define MODE_MODIFY 2
 
+typedef struct load_handler_arg {
+	semanage_handle_t* handle;
+	dbase_config_t* dconfig;
+	int mode; 
+} load_handler_arg_t;
+
+static int load_handler(
+	record_t* record,
+	void* varg) {
+
+	load_handler_arg_t* arg = 
+		(load_handler_arg_t*) varg;
+
+	semanage_handle_t* handle = arg->handle;
+	dbase_t* dbase = arg->dconfig->dbase;
+	dbase_table_t* dtable = arg->dconfig->dtable;
+
+	switch (arg->mode) {
+		
+		case MODE_SET:
 #if 0
-	if (modules->dtable->iterate(handle,
-		modules->dbase, NULL, NULL, /* FIXME */) < 0)
-		goto err;	
+			if (dtable->set(handle, dtable,
+				NULL, /* FIXME: KEY */, record) < 0)
+				goto err;
 #endif
+			break;
+		
+		default:
+		case MODE_MODIFY:
+			if (dtable->modify(handle, dbase,
+				NULL, /* FIXME: KEY */ record) < 0)
+				goto err;
+			break;
 
-	if (interfaces->dtable->iterate(handle,
-		interfaces->dbase, NULL, NULL /* FIXME */) < 0)
-		goto err;
-
-	if (booleans->dtable->iterate(handle,
-		booleans->dbase, NULL, NULL /* FIXME */) < 0)
-		goto err;
-
-	if (users->dtable->iterate(handle, 
-		users->dbase, NULL, NULL /* FIXME */) < 0)
-		goto err;
-
-	if (ports->dtable->iterate(handle, 
-		ports->dbase, NULL, NULL /* FIXME */) < 0)
-		goto err;
-
-	return STATUS_SUCCESS;
+	}
+	return 0;
 
 	err:
 	/* FIXME: handle error */
-	return STATUS_SUCCESS;
+	return -1;
 }
 
-int semanage_commit_components(
+
+typedef struct load_table {
+	dbase_config_t* from;
+	dbase_config_t* to;
+	int mode;
+} load_table_t;
+
+int semanage_base_merge_components(
 	semanage_handle_t* handle) {
 
-	//dbase_config_t* modules = semanage_modules_dbase(handle);
-	dbase_config_t* interfaces = semanage_iface_dbase_local(handle);
-	dbase_config_t* booleans = semanage_bool_dbase_local(handle);
-	dbase_config_t* users = semanage_user_dbase_local(handle);
-	dbase_config_t* ports = semanage_port_dbase_local(handle);
-	dbase_config_t* seusers = semanage_seuser_dbase(handle);
+	int i;
+	const int CCOUNT = 4;
+	load_table_t components[4] = {
 
-#if 0
-        if (modules->dtable->flush(handle, modules->dbase) < 0)
-                goto err;
-#endif
+		/* FIXME: modules */
 
-        if (interfaces->dtable->flush(handle, interfaces->dbase) < 0)
-                goto err;
+		{ semanage_user_dbase_local(handle),
+		  semanage_user_dbase_policy(handle), MODE_MODIFY },
 
-        if (booleans->dtable->flush(handle, booleans->dbase) < 0)
-                goto err;
+		{ semanage_port_dbase_local(handle),
+		  semanage_port_dbase_policy(handle), MODE_MODIFY },
 
-	if (users->dtable->flush(handle, users->dbase) < 0) 
-		goto err;
+		{ semanage_iface_dbase_local(handle),
+		  semanage_iface_dbase_policy(handle), MODE_MODIFY },
+	
+		{ semanage_bool_dbase_local(handle),
+		  semanage_bool_dbase_policy(handle), MODE_SET },
+	};
+
+	load_handler_arg_t load_arg;
+	load_arg.handle = handle;
+
+	for (i = 0; i < CCOUNT; i++) {
+		dbase_config_t* from = components[i].from;
+		load_arg.dconfig = components[i].to;
+		load_arg.mode   = components[i].mode;
+
+		if (from->dtable->iterate(
+			handle, from->dbase, load_handler, &load_arg) < 0)
+			goto err;
+					
+	}	
 	
-	if (ports->dtable->flush(handle, ports->dbase) < 0) 
-		goto err;
+	return STATUS_SUCCESS;
+
+	err:
+	/* FIXME: handle error */
+	return STATUS_ERR;
+}
 
-	if (seusers->dtable->flush(handle,  seusers->dbase) < 0)
-		goto err;
+int semanage_commit_components(
+	semanage_handle_t* handle) {
+
+	int i;
+	const int CCOUNT = 5;
+	dbase_config_t* components[5] = {
+		/* semanage_modules_dbase(handle), */
+		semanage_iface_dbase_local(handle),
+		semanage_bool_dbase_local(handle),
+		semanage_user_dbase_local(handle),
+		semanage_port_dbase_local(handle),
+		semanage_seuser_dbase(handle)
+	};
+
+	for (i = 0; i < CCOUNT; i++) {
+		if (components[i]->dtable->flush(
+			handle, components[i]->dbase) < 0)
+			goto err;		 
+	}
 
 	return STATUS_SUCCESS;
 
 	err:
 	/* FIXME: handle error */
-#if 0
-	modules->dtable->drop_cache(handle, modules->dbase);
-#endif
-	interfaces->dtable->drop_cache(handle, interfaces->dbase);
-	booleans->dtable->drop_cache(handle, booleans->dbase);
-	users->dtable->drop_cache(handle, users->dbase);
-	ports->dtable->drop_cache(handle, ports->dbase);
-	seusers->dtable->drop_cache(handle, seusers->dbase);
+
+	for (i=0; i < CCOUNT; i++) 
+		components[i]->dtable->drop_cache(
+			handle, components[i]->dbase);
 	return STATUS_ERR;
 }

Re: [ SEMANAGE ] More work on policy_components.c

[Stephen Smalley]

On Wed, 2005-10-19 at 21:24 -0400, Ivan Gyurdiev wrote:
> This patch makes the commit function shorter, and more intelligent, and 
> implements a lot more of the "merge into base" function (but not all of 
> it). It also adds comments in database.h about the behavior of the 
> add(), modify(), and iterate() functions.

Also merged as of libsemanage 1.3.28.

> Note how I can loop over the components, and not care about the details 
> (what's being loaded, what backend is it coming from, or going to).  
> That's why I can implement one load handler, and not 5 of them 
> (multiplied by the number of source and target backends). So, despite 
> what Tresys says, I think I'll keep my method tables around, since I 
> like them very much - oop is your friend.

That should be "Oopses are your friend."  Oh, sorry, different topic.

> Once this detail is fixed, I can add attach/detach calls in commit for 
> the policydb database(s), and this whole system should (in theory) work 
> (minus the functions that are stubbed, or unimplemented). Of course, 
> after that I'd need to carefully test it..

Let's get that theory turned into practice RSN...

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEMANAGE ] More dbase things

[Ivan Gyurdiev]

[-- Attachment #1: Type: text/plain, Size: 644 bytes --]


> Let's get that theory turned into practice RSN...
>   
Allright, fine... let's add some more things.

Attach patch:
- stubs dbase function set()
- adds dbase function get_rtable(), and uses it to complete the merge 
function in policy components
- moves if0-ed code for merge and commit in the right place. and adds 
attach/detach
- adds error messages into dbase_policydb_cache
- changes error code for all stubs from STATUS_SUCCESS to STATUS_ERR, so 
that client won't crash, expecting that the function succeeded.

-----
I can now begin to test functionality, and fix bugs (and implement 
functions one by one, and add error messages).



[-- Attachment #2: libsemanage.further_dbase.diff --]
[-- Type: text/x-patch, Size: 18413 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/booleans_file.c new/libsemanage/src/booleans_file.c
--- old/libsemanage/src/booleans_file.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/booleans_file.c	2005-10-20 13:01:59.000000000 -0400
@@ -26,7 +26,7 @@ static int bool_print(
 	/* Stub */
 	bool = NULL;
 	str = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 static int bool_parse(
@@ -36,7 +36,7 @@ static int bool_parse(
 	/* Stub */
 	info = NULL;
 	bool = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 }
 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/booleans_policy.c new/libsemanage/src/booleans_policy.c
--- old/libsemanage/src/booleans_policy.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/booleans_policy.c	2005-10-20 13:02:22.000000000 -0400
@@ -127,7 +127,7 @@ int semanage_bool_query(
 	handle = NULL;
 	key = NULL;
 	response = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 int semanage_bool_exists(
@@ -180,7 +180,7 @@ int semanage_bool_iterate(
 	handle = NULL;
 	handler = NULL;
 	handler_arg = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 int semanage_bool_list(
@@ -192,5 +192,5 @@ int semanage_bool_list(
 	handle = NULL;
 	records = NULL;
 	count = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/database_default.c new/libsemanage/src/database_default.c
--- old/libsemanage/src/database_default.c	2005-10-19 12:13:26.000000000 -0400
+++ new/libsemanage/src/database_default.c	2005-10-20 12:18:27.000000000 -0400
@@ -58,6 +58,18 @@ static int dbase_default_modify (
 	return err_uninitialized(handle);
 }
 
+static int dbase_default_set (
+	semanage_handle_t* handle,
+	dbase_default_t* dbase,
+	record_key_t* key,
+	record_t* data) {
+	
+	key = NULL;
+	data = NULL;
+	dbase = NULL;
+	return err_uninitialized(handle);
+}
+
 static int dbase_default_del (
 	semanage_handle_t* handle,
 	dbase_default_t* dbase,
@@ -126,6 +138,18 @@ static int dbase_default_list (
 	return err_uninitialized(handle);
 }
 
+static record_table_t* dbase_default_get_rtable(
+	semanage_handle_t* handle,
+	dbase_default_t* dbase) {
+
+	handle = NULL;
+	dbase = NULL;
+	err_uninitialized(handle);
+
+	/* FIXME */
+	return NULL;
+}
+
 /* DEFAULT dbase - method table implementation */
 dbase_table_t SEMANAGE_DEFAULT_DTABLE = {
 	.drop_cache = dbase_default_drop_cache,
@@ -134,8 +158,10 @@ dbase_table_t SEMANAGE_DEFAULT_DTABLE = 
 	.exists = dbase_default_exists,
 	.list = dbase_default_list,
 	.add = dbase_default_add,
+	.set = dbase_default_set,
 	.del = dbase_default_del,
 	.modify = dbase_default_modify, 
 	.query = dbase_default_query,
 	.count = dbase_default_count,
+	.get_rtable = dbase_default_get_rtable
 };
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/database_file.c new/libsemanage/src/database_file.c
--- old/libsemanage/src/database_file.c	2005-10-19 12:13:26.000000000 -0400
+++ new/libsemanage/src/database_file.c	2005-10-20 13:01:44.000000000 -0400
@@ -375,6 +375,27 @@ static int dbase_file_add(
 	return STATUS_ERR;
 }
 
+static int dbase_file_set(
+	semanage_handle_t* handle,
+	dbase_file_t* dbase,
+	record_key_t* key,
+	record_t* data) {
+
+	if (enter_rw(handle, dbase) < 0)
+		goto err;
+
+        /* Stub */
+        key = NULL;
+        data = NULL;
+	dbase->modified = 1;
+        return STATUS_ERR;
+
+	err:
+	/* FIXME: handle error */
+	return STATUS_ERR;
+}
+
+
 static int dbase_file_modify(
 	semanage_handle_t* handle,
 	dbase_file_t* dbase,
@@ -461,7 +482,7 @@ static int dbase_file_iterate(
 	fn = NULL;
 	arg = NULL;
 
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 static int dbase_file_del(
@@ -545,6 +566,14 @@ static int dbase_file_list(
 	return STATUS_ERR;
 }
 
+static record_table_t* dbase_file_get_rtable(
+	semanage_handle_t* handle,
+	dbase_file_t* dbase) {
+
+	handle = NULL;
+	return dbase->rtable;
+}
+
 
 /* FILE dbase - method table implementation */
 dbase_table_t SEMANAGE_FILE_DTABLE = {
@@ -554,8 +583,10 @@ dbase_table_t SEMANAGE_FILE_DTABLE = {
 	.exists = dbase_file_exists, 
 	.list = dbase_file_list,   
 	.add = dbase_file_add,
+	.set = dbase_file_set,
 	.del = dbase_file_del, 
 	.modify = dbase_file_modify, 
 	.query = dbase_file_query, 
 	.count = dbase_file_count, 
+	.get_rtable = dbase_file_get_rtable
 };
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/database.h new/libsemanage/src/database.h
--- old/libsemanage/src/database.h	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/database.h	2005-10-20 12:17:46.000000000 -0400
@@ -48,7 +48,6 @@ typedef struct dbase_table {
 	/* Add the specified record to
 	 * the database if it is not present,
 	 * or fail if it already exists */
-
 	int (*add) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
@@ -58,30 +57,41 @@ typedef struct dbase_table {
 	/* Add the specified record to the  
 	 * database if it not present. 
 	 * If it's present, replace it */
-
 	int (*modify) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
 		record_key_t* key,
 		record_t* data);
 
+	/* Modify the specified record in the database
+	 * if it is present. Fail if it does not yet exist */
+	int (*set) (
+		struct semanage_handle* handle,
+		dbase_t* dbase,
+		record_key_t* key,
+		record_t* data);
+
+	/* Delete a record */
 	int (*del) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
 		record_key_t* key);
 
+	/* Retrieve a record */
 	int (*query) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
 		record_key_t* key,
 		record_t** response);
 
+	/* Check if a record exists */
 	int (*exists) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
 		record_key_t* key,
 		int* response);
 
+	/* Count the number of records */
 	int (*count) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
@@ -92,7 +102,6 @@ typedef struct dbase_table {
 	 * can signal a successful exit by returning 1,
 	 * an error exit by returning -1, and continue by
 	 * returning 0 */
-
 	int (*iterate) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
@@ -101,27 +110,38 @@ typedef struct dbase_table {
 			void* varg),
 		void* fn_arg);
 
+	/* Construct a list of all records in this database */
 	int (*list) (
 		struct semanage_handle* handle,
 		dbase_t* dbase,
 		record_t*** records,
 		size_t* count);
-
+	
+	/* Forgets all changes that haven't been written
+	 * to the database backend */
 	void (*drop_cache) (
 		struct semanage_handle* handle,
 		dbase_t* dbase);
 
+	/* Writes the database changes to its backend */
 	int (*flush) (
 		struct semanage_handle* handle,
 		dbase_t* dbase);
 
+	/* Retrieves the record table for this database,
+	 * which specifies how to perform basic operations
+	 * on each record. */
+	record_table_t* (*get_rtable) (
+		struct semanage_handle* handle,
+		dbase_t* dbase);
+
 } dbase_table_t;
 
 typedef struct dbase_config {
 
 	/* Database state */
 	dbase_t* dbase;
-	
+
 	/* Database methods */
 	dbase_table_t* dtable;
 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/database_policydb.c new/libsemanage/src/database_policydb.c
--- old/libsemanage/src/database_policydb.c	2005-10-19 12:13:26.000000000 -0400
+++ new/libsemanage/src/database_policydb.c	2005-10-20 13:01:25.000000000 -0400
@@ -9,6 +9,7 @@ typedef struct dbase_policydb dbase_t;
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/mman.h>
+#include <errno.h>
 #include <unistd.h>
 #include <string.h>
 #include <sepol/policydb.h>
@@ -77,20 +78,22 @@ static int dbase_policydb_cache(
 	/* Open file */
 	fd = open(fname, O_RDONLY);
 	if (fd < 0) {
-		/* FIXME: handle error */
+		ERR(handle, "could not open %s for reading: %s",
+			fname, strerror(errno));
 		goto err;
 	}
 
 	/* Stat */
 	if (fstat(fd, &sb) < 0) {
-		/* FIXME: handle error */
+		ERR(handle, "could not stat %s: %s",
+			fname, strerror(errno));
 		goto err;
 	}
 
 	/* Map file */
 	data = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
 	if (data == MAP_FAILED) {
-		/* FIXME: handle error */
+		ERR(handle, "could not map policy: %s", strerror(errno));
 		goto err;
         }
 
@@ -108,10 +111,10 @@ static int dbase_policydb_cache(
 	return STATUS_SUCCESS;
 	
 	omem:
-	/* FIXME: handle error */
+	ERR(handle, "out of memory");
 	
 	err:
-	/* FIXME: handle error */
+	ERR(handle, "unable to cache policy database from %s", fname);
 	if (fd > 0)
 		close(fd);
 	if (data != NULL)
@@ -134,7 +137,7 @@ static int dbase_policydb_flush(
 
 	/* Stub */
 	handle = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 
@@ -268,8 +271,27 @@ static int dbase_policydb_add (
 	/* Stub */
 	key = NULL;
 	data = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
+
+	err:
+	/* FIXME: handle error */
+	return STATUS_ERR;
+}
+
+static int dbase_policydb_set(
+	semanage_handle_t* handle,
+	dbase_policydb_t* dbase,
+	record_key_t* key,
+	record_t* data) {
+
+	if (enter_rw(handle, dbase) < 0)
+		goto err;
 
+	/* Stub */
+	key = NULL;
+	data = NULL;
+	return STATUS_ERR;
+		
 	err:
 	/* FIXME: handle error */
 	return STATUS_ERR;
@@ -287,7 +309,7 @@ static int dbase_policydb_modify (
 	/* Stub */
 	key = NULL;
 	data = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 	err:
 	/* FIXME: handle error */
@@ -304,7 +326,7 @@ static int dbase_policydb_del (
 
 	/* Stub */
 	key = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 	err:
 	/* FIXME: handle error */
@@ -324,7 +346,7 @@ static int dbase_policydb_query (
 	key = NULL;
 	response = NULL;
 	exit_ro(handle, dbase);
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 	err:
 	/* FIXME: handle error */
@@ -345,7 +367,7 @@ static int dbase_policydb_exists (
 	key = NULL;
 	response = NULL;
 	exit_ro(handle, dbase);
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 	err:
 	/* FIXME: handle error */
@@ -364,7 +386,7 @@ static int dbase_policydb_count (
 	/* Stub */
 	response = NULL;
 	exit_ro(handle, dbase);
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 	err:
 	/* FIXME: handle error */
@@ -406,7 +428,7 @@ static int dbase_policydb_list (
 	records = NULL;
 	count = NULL;
 	exit_ro(handle, dbase);
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 	err:
 	/* FIXME: handle error */
@@ -414,6 +436,14 @@ static int dbase_policydb_list (
 	return STATUS_ERR;
 }
 
+static record_table_t* dbase_policydb_get_rtable(
+	semanage_handle_t* handle,
+	dbase_policydb_t* dbase) {
+
+	handle = NULL;
+	return dbase->rtable;
+}
+
 /* POLICYDB dbase - method table implementation */
 dbase_table_t SEMANAGE_POLICYDB_DTABLE = {
 	.drop_cache = dbase_policydb_drop_cache,
@@ -422,8 +452,10 @@ dbase_table_t SEMANAGE_POLICYDB_DTABLE =
 	.exists = dbase_policydb_exists,
 	.list = dbase_policydb_list,
 	.add = dbase_policydb_add,
+	.set = dbase_policydb_set,
 	.del = dbase_policydb_del,
 	.modify = dbase_policydb_modify, 
 	.query = dbase_policydb_query,
 	.count = dbase_policydb_count,
+	.get_rtable = dbase_policydb_get_rtable
 };
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/direct_api.c new/libsemanage/src/direct_api.c
--- old/libsemanage/src/direct_api.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/direct_api.c	2005-10-20 13:06:13.000000000 -0400
@@ -331,20 +331,16 @@ static int semanage_direct_commit(semana
 	if (semanage_expand_sandbox(sh, base) < 0)
 		goto cleanup;
 
-#if 0
-	/* Link components into base policy */
-	if (semanage_base_merge_components(sh) < 0)
+	/* Verify policy */
+	if (semanage_verify_kernel(sh) != 0)
 		goto cleanup;
 
+#if 0
 	/* Commit changes to components */
 	if (semanage_commit_components(sh) < 0)
 		goto cleanup;
 #endif
 
-	/* Verify policy */
-	if (semanage_verify_kernel(sh) != 0)
-		goto cleanup;
-
 	retval = semanage_install_sandbox(sh);
 
  cleanup:
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/interfaces_file.c new/libsemanage/src/interfaces_file.c
--- old/libsemanage/src/interfaces_file.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/interfaces_file.c	2005-10-20 13:03:34.000000000 -0400
@@ -26,7 +26,7 @@ static int iface_print(
 	/* Stub */
 	iface = NULL;
 	str = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 static int iface_parse(
@@ -36,7 +36,7 @@ static int iface_parse(
 	/* Stub */
 	info = NULL;
 	iface = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 
 }
 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/policy_components.c new/libsemanage/src/policy_components.c
--- old/libsemanage/src/policy_components.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/policy_components.c	2005-10-20 12:34:39.000000000 -0400
@@ -17,35 +17,39 @@ static int load_handler(
 	record_t* record,
 	void* varg) {
 
+	record_key_t* rkey = NULL;
 	load_handler_arg_t* arg = 
 		(load_handler_arg_t*) varg;
 
 	semanage_handle_t* handle = arg->handle;
 	dbase_t* dbase = arg->dconfig->dbase;
 	dbase_table_t* dtable = arg->dconfig->dtable;
-
+	record_table_t* rtable = dtable->get_rtable(handle, dbase);	
+	
+	if (rtable->key_extract(record, &rkey) < 0)
+		goto err;
+ 
 	switch (arg->mode) {
 		
 		case MODE_SET:
-#if 0
-			if (dtable->set(handle, dtable,
-				NULL, /* FIXME: KEY */, record) < 0)
+			if (dtable->set(handle, dbase, rkey, record) < 0)
 				goto err;
-#endif
 			break;
 		
 		default:
 		case MODE_MODIFY:
-			if (dtable->modify(handle, dbase,
-				NULL, /* FIXME: KEY */ record) < 0)
+			if (dtable->modify(handle, dbase, rkey, record) < 0)
 				goto err;
 			break;
 
 	}
+
+	rtable->key_free(rkey);
 	return 0;
 
 	err:
 	/* FIXME: handle error */
+	rtable->key_free(rkey);
 	return -1;
 }
 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/ports_policy.c new/libsemanage/src/ports_policy.c
--- old/libsemanage/src/ports_policy.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/ports_policy.c	2005-10-20 13:04:14.000000000 -0400
@@ -127,7 +127,7 @@ int semanage_port_query(
 	handle = NULL;
 	key = NULL;
 	response = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 int semanage_port_exists(
@@ -180,7 +180,7 @@ int semanage_port_iterate(
 	handle = NULL;
 	handler = NULL;
 	handler_arg = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 int semanage_port_list(
@@ -192,5 +192,5 @@ int semanage_port_list(
 	handle = NULL;
 	records = NULL;
 	count = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/semanage_store.c new/libsemanage/src/semanage_store.c
--- old/libsemanage/src/semanage_store.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/semanage_store.c	2005-10-20 13:05:57.000000000 -0400
@@ -24,7 +24,14 @@
  * direct connections, are here as well.
  */
 
+struct dbase_policydb;
+typedef struct dbase_policydb dbase_t;
+#define DBASE_DEFINED
+
 #include "semanage_store.h"
+#include "database_policydb.h"
+#include "handle.h"
+#include "policy.h"
 
 #include <selinux/selinux.h>
 #include <sepol/policydb.h>
@@ -1203,6 +1210,26 @@ int semanage_expand_sandbox(semanage_han
  		ERR(sh, "Unknown/Invalid policy version %d.", policyvers);
 		goto cleanup;
 	}
+
+#if 0
+	dbase_policydb_attach(sh, semanage_user_dbase_policy(sh)->dbase, out);
+	dbase_policydb_attach(sh, semanage_port_dbase_policy(sh)->dbase, out);
+	dbase_policydb_attach(sh, semanage_iface_dbase_policy(sh)->dbase, out);
+	dbase_policydb_attach(sh, semanage_bool_dbase_policy(sh)->dbase, out);
+
+	retval = semanage_base_merge_components(sh);
+
+	dbase_policydb_detach(sh, semanage_user_dbase_policy(sh)->dbase);
+        dbase_policydb_detach(sh, semanage_port_dbase_policy(sh)->dbase);
+        dbase_policydb_detach(sh, semanage_iface_dbase_policy(sh)->dbase);
+        dbase_policydb_detach(sh, semanage_bool_dbase_policy(sh)->dbase);
+
+	if (retval < 0) {
+		ERR(sh, "Unable to merge local modifications into policy.");
+		goto cleanup;
+	}
+#endif
+
 	if ((kernel_filename = semanage_path(SEMANAGE_TMP, SEMANAGE_KERNEL)) == NULL) {
 		goto cleanup;
 	}
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/seusers_file.c new/libsemanage/src/seusers_file.c
--- old/libsemanage/src/seusers_file.c	2005-10-14 14:32:34.000000000 -0400
+++ new/libsemanage/src/seusers_file.c	2005-10-20 13:04:33.000000000 -0400
@@ -24,7 +24,7 @@ static int seuser_print(
 	/* Stub */
 	seuser = NULL;
 	str = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 static int seuser_parse(
@@ -34,7 +34,7 @@ static int seuser_parse(
 	/* Stub */
 	info = NULL;
 	seuser = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 /* SEUSER RECORD: method table (seusers.c) */
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/users_policy.c new/libsemanage/src/users_policy.c
--- old/libsemanage/src/users_policy.c	2005-10-20 10:40:46.000000000 -0400
+++ new/libsemanage/src/users_policy.c	2005-10-20 13:04:41.000000000 -0400
@@ -127,7 +127,7 @@ int semanage_user_query(
 	handle = NULL;
 	key = NULL;
 	response = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 int semanage_user_exists(
@@ -180,7 +180,7 @@ int semanage_user_iterate(
 	handle = NULL;
 	handler = NULL;
 	handler_arg = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }
 
 int semanage_user_list(
@@ -192,5 +192,5 @@ int semanage_user_list(
 	handle = NULL;
 	records = NULL;
 	count = NULL;
-	return STATUS_SUCCESS;
+	return STATUS_ERR;
 }

Re: [ SEMANAGE ] More dbase things

[Stephen Smalley]

On Thu, 2005-10-20 at 13:12 -0400, Ivan Gyurdiev wrote:
> > Let's get that theory turned into practice RSN...
> >   
> Allright, fine... let's add some more things.
> 
> Attach patch:
> - stubs dbase function set()
> - adds dbase function get_rtable(), and uses it to complete the merge 
> function in policy components
> - moves if0-ed code for merge and commit in the right place. and adds 
> attach/detach
> - adds error messages into dbase_policydb_cache
> - changes error code for all stubs from STATUS_SUCCESS to STATUS_ERR, so 
> that client won't crash, expecting that the function succeeded.
> 
> -----
> I can now begin to test functionality, and fix bugs (and implement 
> functions one by one, and add error messages).

Ok, merged (libsemanage 1.3.30) along with a couple of fixes for leaks
in the already existing libsemanage code (my fault).

BTW, you could simplify your dbase_policydb_cache() function to use
sepol_policydb_read() rather than sepol_policydb_from_image(); that
avoids the need to mmap it.  You just fopen() the file and associate the
FILE with a sepol_policy_file.  You can see similar policy file setup
for reading module packages in semanage_load_module.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEMANAGE ] More work on policy_components.c

[Stephen Smalley]

On Wed, 2005-10-19 at 21:24 -0400, Ivan Gyurdiev wrote:
> This patch makes the commit function shorter, and more intelligent, and 
> implements a lot more of the "merge into base" function (but not all of 
> it). It also adds comments in database.h about the behavior of the 
> add(), modify(), and iterate() functions.

Oops, this one causes memory errors on a semodule -b base.pp (per
valgrind).

==8109== Invalid read of size 4
==8109==    at 0x1B95D3CD: dbase_policydb_drop_cache (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95D55D: dbase_policydb_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95C1A3: bool_policydb_dbase_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95DE3C: semanage_direct_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95F357: semanage_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x8049571: main (in /home/sds/cvs/obj/usr/sbin/semodule)
==8109==  Address 0x1B9849E0 is 16 bytes inside a block of size 28 free'd
==8109==    at 0x1B90430F: free (vg_replace_malloc.c:235)
==8109==    by 0x1B95D56B: dbase_policydb_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B96197B: port_policydb_dbase_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95DE08: semanage_direct_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95F357: semanage_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x8049571: main (in /home/sds/cvs/obj/usr/sbin/semodule)
==8109==
==8109== Invalid free() / delete / delete[]
==8109==    at 0x1B90430F: free (vg_replace_malloc.c:235)
==8109==    by 0x1B95D56B: dbase_policydb_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95C1A3: bool_policydb_dbase_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95DE3C: semanage_direct_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95F357: semanage_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x8049571: main (in /home/sds/cvs/obj/usr/sbin/semodule)
==8109==  Address 0x1B9849D0 is 0 bytes inside a block of size 28 free'd
==8109==    at 0x1B90430F: free (vg_replace_malloc.c:235)
==8109==    by 0x1B95D56B: dbase_policydb_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B96197B: port_policydb_dbase_release (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95DE08: semanage_direct_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x1B95F357: semanage_disconnect (in /home/sds/cvs/obj/lib/libsemanage.so.1)
==8109==    by 0x8049571: main (in /home/sds/cvs/obj/usr/sbin/semodule)
==8109==
==8109== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 26 from 2)


-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEMANAGE ] More work on policy_components.c

[Stephen Smalley]

On Thu, 2005-10-20 at 12:55 -0400, Stephen Smalley wrote:
> Oops, this one causes memory errors on a semodule -b base.pp (per
> valgrind).

Actually, I think it was introduced by the prior one (interface renaming
et al).  That removed an #if 0 around those calls.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEMANAGE ] More work on policy_components.c

[Ivan Gyurdiev]

Stephen Smalley wrote:
> On Wed, 2005-10-19 at 21:24 -0400, Ivan Gyurdiev wrote:
>   
>> This patch makes the commit function shorter, and more intelligent, and 
>> implements a lot more of the "merge into base" function (but not all of 
>> it). It also adds comments in database.h about the behavior of the 
>> add(), modify(), and iterate() functions.
>>     
>
> Oops, this one causes memory errors on a semodule -b base.pp (per
> valgrind).
>   
That's not possible, because those patches don't touch that code path...

The problem is from earlier patches - you can comment out the init() and 
release() code in direct_api.c - should eliminate any bugs. I didn't 
think something as simple would be broken. I'll fix the problem a bit 
later today...

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEMANAGE ] More work on policy_components.c

[Stephen Smalley]

[-- Attachment #1: Type: text/plain, Size: 371 bytes --]

On Thu, 2005-10-20 at 13:21 -0400, Ivan Gyurdiev wrote:
> The problem is from earlier patches - you can comment out the init() and 
> release() code in direct_api.c - should eliminate any bugs. I didn't 
> think something as simple would be broken. I'll fix the problem a bit 
> later today...

I think that this may help...

-- 
Stephen Smalley
National Security Agency

[-- Attachment #2: libsemanage-fix.patch --]
[-- Type: text/x-patch, Size: 770 bytes --]

Index: libsemanage/src/direct_api.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libsemanage/src/direct_api.c,v
retrieving revision 1.15
diff -u -p -r1.15 direct_api.c
--- libsemanage/src/direct_api.c	20 Oct 2005 14:18:42 -0000	1.15
+++ libsemanage/src/direct_api.c	20 Oct 2005 17:01:40 -0000
@@ -153,7 +153,7 @@ static int semanage_direct_disconnect(se
 	user_policydb_dbase_release(sh, semanage_user_dbase_policy(sh));
 	port_policydb_dbase_release(sh, semanage_port_dbase_policy(sh));
 	iface_policydb_dbase_release(sh, semanage_iface_dbase_policy(sh));
-	bool_policydb_dbase_release(sh, semanage_port_dbase_policy(sh));
+	bool_policydb_dbase_release(sh, semanage_bool_dbase_policy(sh));
 
 	return 0;
 }

Re: [ SEMANAGE ] More work on policy_components.c

[Stephen Smalley]

On Thu, 2005-10-20 at 13:11 -0400, Stephen Smalley wrote:
> On Thu, 2005-10-20 at 13:21 -0400, Ivan Gyurdiev wrote:
> > The problem is from earlier patches - you can comment out the init() and 
> > release() code in direct_api.c - should eliminate any bugs. I didn't 
> > think something as simple would be broken. I'll fix the problem a bit 
> > later today...
> 
> I think that this may help...

Yes, that eliminates the memory errors on semodule -b.  In libsemanage
1.3.29.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [ SEMANAGE ] More work on policy_components.c

[Ivan Gyurdiev]

Stephen Smalley wrote:
> On Thu, 2005-10-20 at 13:21 -0400, Ivan Gyurdiev wrote:
>   
>> The problem is from earlier patches - you can comment out the init() and 
>> release() code in direct_api.c - should eliminate any bugs. I didn't 
>> think something as simple would be broken. I'll fix the problem a bit 
>> later today...
>>     
>
> I think that this may help...
>   
doh...

Like I was saying :)
With that last patch I just sent, I can begin to test functionality, add 
error messages, fix bugs, and implement stubs.

The first thing I need to do is to figure out whether my 
dbase_policydb_cache function will work on policy.kern (but this is 
challenging, as I can't seem to get a policy.kern in the first place - 
commit keeps failing, and it's definitely not my fault that it does so...).

I should also focus a bit on sepol, where the interfaces need to be 
stabilized...


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.