From: Ivan Gyurdiev <ivg2@cornell.edu>
To: Ivan Gyurdiev <ivg2@cornell.edu>
Cc: selinux@tycho.nsa.gov, Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [ SEPOL ] Reorganize users.c
Date: Thu, 20 Oct 2005 16:00:42 -0400	[thread overview]
Message-ID: <4357F76A.7040009@cornell.edu> (raw)
In-Reply-To: <4357F5DF.30905@cornell.edu>

[-- Attachment #1: Type: text/plain, Size: 220 bytes --]


> - makes is_valid/exists function update a parameter, rather than 
> mixing response and return status code
Oops...forgot to initialize status in the success path. Corrected patch 
attached (gets rid of the variable).



[-- Attachment #2: libsepol.reorganize_users.diff --]
[-- Type: text/x-patch, Size: 8469 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsemanage/src/users_policydb.c new/libsemanage/src/users_policydb.c
--- old/libsemanage/src/users_policydb.c	2005-10-18 10:53:30.000000000 -0400
+++ new/libsemanage/src/users_policydb.c	2005-10-20 15:44:20.000000000 -0400
@@ -22,7 +22,7 @@ extern record_table_t SEPOL_USER_RTABLE;
 
 /* USER RECRORD (SEPOL): POLICYDB extension: method table */
 record_policydb_table_t SEMANAGE_USER_POLICYDB_RTABLE = {
-	.add         = sepol_user_add,
+	.add         = NULL, /* FIXME */
 	.modify      = sepol_user_modify,
 	.iterate     = sepol_user_iterate,
 };
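Review bot: The `.add` slot of `SEMANAGE_USER_POLICYDB_RTABLE` is now a NULL function pointer, and the `/* FIXME */` does not say what a caller has to do about it. The code that dispatches through this table is not visible in the hunk, so if any path calls `.add` without checking it first, adding a user becomes a call through NULL rather than a clean error. Either keep a small stub that returns `STATUS_ERR`, or spell the constraint out, e.g. `.add = NULL, /* FIXME: sepol_user_add removed; callers must check for NULL */`. Note also that users.h in this patch documents `sepol_user_modify` as add-or-modify, so the old "fail if the user already exists" behaviour is lost unless the replacement restores it.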
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/include/sepol/roles.h new/libsepol/include/sepol/roles.h
--- old/libsepol/include/sepol/roles.h	1969-12-31 19:00:00.000000000 -0500
+++ new/libsepol/include/sepol/roles.h	2005-10-20 15:41:22.000000000 -0400
@@ -0,0 +1,14 @@
+#ifndef _SEPOL_ROLES_H_
+#define _SEPOL_ROLES_H_
+
+extern int sepol_role_exists(
+	sepol_policydb_t* policydb,
+	const char* role,
+	int* response);
+
+extern int sepol_role_list(
+	sepol_policydb_t* policydb,
+	char*** roles,
+	size_t* nroles);
+
+#endif
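Review bot: The new header uses `sepol_policydb_t` and `size_t` but includes nothing, so it only compiles when the includer has already pulled in the right headers in the right order. Add `#include <stddef.h>` and the sepol header that declares `sepol_policydb_t` just inside the guard. The guard name `_SEPOL_ROLES_H_` starts with an underscore followed by a capital letter, which is reserved for the implementation; it presumably mirrors the existing headers, so that is only worth changing tree-wide.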
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/include/sepol/users.h new/libsepol/include/sepol/users.h
--- old/libsepol/include/sepol/users.h	2005-10-07 16:45:17.000000000 -0400
+++ new/libsepol/include/sepol/users.h	2005-10-20 15:41:42.000000000 -0400
@@ -9,35 +9,27 @@
 extern void sepol_clear_unused_users(
 	sepol_policydb_t* policydb);
 
-/* Add/delete/load users from the policy 
-   Load allows duplicates, but add does not. */
-extern int sepol_user_add(
-	sepol_policydb_t* policydb,
-	sepol_user_t* user); 
-
+/* Delete the user */
 extern int sepol_user_del(
 	sepol_policydb_t* policydb, 
 	const char *username);
 
+/* Add the user if missing, or modify otherwise */
 extern int sepol_user_modify(
 	sepol_policydb_t* policydb, 
 	sepol_user_t* user);
 
-/* Check if users or roles are valid */
-extern int sepol_user_is_valid(
-	sepol_policydb_t* policydb,
-	const char* user);
-
-extern int sepol_role_is_valid(
+/* Check if the specified user exists */
+extern int sepol_user_exists(
 	sepol_policydb_t* policydb,
-	const char* role);
+	const char* user,
+	int* response);
 
 /* Iterate the users
  * The handler may return:
  * -1 to signal an error condition,
  * 1 to signal successful exit
  * 0 to signal continue */
-
 extern int sepol_user_iterate(
 	sepol_policydb_t* policydb,
 	int (*fn)(
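Review bot: The comment on `sepol_user_exists` does not say that the answer now comes back through `response` while the return value is only a status code. The function it replaces returned the boolean directly, so anyone porting a caller needs to be told which of the two ints to test. Suggested comment: `/* Check if the specified user exists. Returns STATUS_SUCCESS and stores 1 or 0 in *response; returns STATUS_ERR on failure. */`. The same wording is needed on `sepol_role_exists` in the new roles.h, and the stale `/* Check if a user is valid */` above the definition in users.c should be updated to match.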
@@ -45,9 +37,4 @@ extern int sepol_user_iterate(
 		void* fn_arg),
 	void* arg);
 
-extern int sepol_get_valid_roles(
-	sepol_policydb_t* policydb, 
-	char*** roles, 
-	size_t* nroles);
-
 #endif 
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/src/libsepol.map new/libsepol/src/libsepol.map
--- old/libsepol/src/libsepol.map	2005-10-18 10:08:39.000000000 -0400
+++ new/libsepol/src/libsepol.map	2005-10-20 15:41:55.000000000 -0400
@@ -20,7 +20,7 @@
 	sepol_link_modules; sepol_expand_module;
 	sepol_bool*; sepol_context*;
 	sepol_iface*; sepol_port*; sepol_user*; sepol_clear_unused_users;
-	sepol_role_is_valid; sepol_set_delusers;
+	sepol_set_delusers;
 	sepol_msg_*; sepol_handle_*;
   local: *;
 };
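Review bot: Nothing visible in this version script exports the new `sepol_role_exists` and `sepol_role_list`: the hunk drops `sepol_role_is_valid`, the remaining patterns on these lines are `sepol_iface*`, `sepol_port*`, `sepol_user*` and similar, and `local: *;` hides everything else. Unless a `sepol_role*` pattern exists above the hunk, code outside libsepol will fail to link against the two functions declared in the new roles.h. Adding `sepol_role*;` next to `sepol_user*;` would match how the other families are exported.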
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/src/roles.c new/libsepol/src/roles.c
--- old/libsepol/src/roles.c	1969-12-31 19:00:00.000000000 -0500
+++ new/libsepol/src/roles.c	2005-10-20 15:57:44.000000000 -0400
@@ -0,0 +1,60 @@
+#include <stdlib.h>
+#include <sepol/policydb/policydb.h>
+#include "debug.h"
+
+/* Check if a role exists */
+int sepol_role_exists(
+	sepol_policydb_t* p, 
+	const char* role,
+	int* response) {
+
+  	policydb_t *policydb = &p->p;
+	char* role_copy = strdup(role);
+	if (!role_copy) {
+		DEBUG(__FUNCTION__, "out of memory, role check failed\n");
+		return STATUS_ERR;
+	}
+
+	*response = (hashtab_search(policydb->p_roles.table, role_copy) != NULL);
+	free(role_copy);
+	return STATUS_SUCCESS;
+}
+
+
+/* Fill an array with all valid roles */
+int sepol_role_list(
+	sepol_policydb_t* p, 
+	char*** roles, 
+	size_t* nroles) {
+
+	policydb_t *policydb = &p->p;
+	size_t tmp_nroles = policydb->p_roles.nprim;
+	char **tmp_roles = (char**) malloc(tmp_nroles * sizeof(char*));
+	char **ptr;
+	size_t i;
+	if (!tmp_roles) 
+		goto omem;
+
+	for (i =0; i < tmp_nroles; i++) {
+		tmp_roles[i] = strdup(policydb->p_role_val_to_name[i]);
+		if (!tmp_roles[i]) 
+			goto omem;
+	}	 
+
+	*nroles = tmp_nroles;
+	*roles = tmp_roles;
+
+        return STATUS_SUCCESS;
+
+	omem:
+	DEBUG(__FUNCTION__, "out of memory, could not "
+		"allocate list of valid roles\n");
+	
+	ptr = tmp_roles;
+	while (ptr && *ptr) 
+		free(*ptr++);
+	free(tmp_roles);
+	return STATUS_ERR;
+}
+
+
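Review bot: `strdup` is called in both functions but the file includes only `<stdlib.h>`, the policydb header and `debug.h`; unless one of those pulls in `<string.h>`, the call is implicitly declared as returning `int` and the pointer is truncated on 64-bit targets. Add `#include <string.h>`, and include `<sepol/roles.h>` as well so the compiler checks these definitions against the new prototypes. Separately, `sepol_role_list` sizes the array with `malloc(tmp_nroles * sizeof(char*))` from a count stored in the policy; `calloc(tmp_nroles, sizeof *tmp_roles)` checks the multiplication and also makes the `omem` cleanup loop independent of how far the fill loop got.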
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude libsemanage.map --exclude 'module_record*' --exclude 'database_directory*' old/libsepol/src/users.c new/libsepol/src/users.c
--- old/libsepol/src/users.c	2005-10-07 16:45:46.000000000 -0400
+++ new/libsepol/src/users.c	2005-10-20 15:58:12.000000000 -0400
@@ -79,43 +79,6 @@ void sepol_clear_unused_users(sepol_poli
         }
 }
 
-/* Add a user to the given policydb. The user may not exist already */
-
-int sepol_user_add(sepol_policydb_t* p, sepol_user_t* user) {
-
-	char* name = NULL;
-	user_datum_t* usrdatum;
-	policydb_t *policydb = &p->p;
-
-	/* See if a user exists */
-	name = strdup(sepol_user_get_name(user));
-	if (!name) 
-		goto omem;
-
-        usrdatum = hashtab_search(policydb->p_users.table, name);
-
-	/* If it does, fail */
-	if (usrdatum) {
-		DEBUG(__FUNCTION__,"%s is already in policy\n", name);
-		goto err;
-	}
-	
-	if (sepol_user_modify(p, user) < 0) 
-		goto err;
-
-	free(name);
-	return STATUS_SUCCESS;
-
-	omem:
-	DEBUG(__FUNCTION__, "out of memory\n");
-
-	err:
-	DEBUG(__FUNCTION__, "could not add %s to policy\n", 
-		sepol_user_get_name(user));
-	free(name);
-	return STATUS_ERR;
-}
-
 /* Delete a user from the given policydb. This function will
  * fail if the user does not exist. */
 
@@ -337,34 +300,21 @@ int sepol_user_modify(sepol_policydb_t* 
 
 /* Check if a user is valid */
 
-int sepol_user_is_valid(sepol_policydb_t* p, const char* user) {
+int sepol_user_exists(
+	sepol_policydb_t* p, 
+	const char* user,
+	int* response) {
+
 	policydb_t *policydb = &p->p;
-	int status;	
 	char* user_copy = strdup(user);
 	if (!user_copy) {
 		DEBUG(__FUNCTION__, "out of memory, user check failed\n");
 		return STATUS_ERR;
 	}
 	
-	status = hashtab_search(policydb->p_users.table, user_copy) != NULL;
+	*response = (hashtab_search(policydb->p_users.table, user_copy) != NULL);
 	free(user_copy);
-	return status;
-}
-
-/* Check if a role is valid */
-
-int sepol_role_is_valid(sepol_policydb_t* p, const char* role) {
-  	policydb_t *policydb = &p->p;
-	int status;
-	char* role_copy = strdup(role);
-	if (!role_copy) {
-		DEBUG(__FUNCTION__, "out of memory, role check failed\n");
-		return STATUS_ERR;
-	}
-
-	status = hashtab_search(policydb->p_roles.table, role_copy) != NULL;
-	free(role_copy);
-	return status;
+	return STATUS_SUCCESS;
 }
 
 /* Fill an array with all valid users */
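Review bot: On the `strdup` failure path `sepol_user_exists` returns `STATUS_ERR` without ever writing `*response`, so a caller that passes an uninitialised int and forgets to check the status acts on an indeterminate answer. For an existence check that feeds policy decisions it is safer to fail closed: put `*response = 0;` before the allocation. `sepol_role_exists` in the new roles.c has the same shape and would take the same line. Neither function checks `user`/`role` or `response` for NULL before use; if that is the library's convention, it is worth stating in the header comment.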
@@ -458,36 +408,3 @@ int sepol_user_iterate(
 	sepol_user_free(user);
 	return STATUS_ERR;
 }
-
-/* Fill an array with all valid roles */
-
-int sepol_get_valid_roles(sepol_policydb_t* p, char*** roles, size_t* nroles) {
-	policydb_t *policydb = &p->p;
-	size_t tmp_nroles = policydb->p_roles.nprim;
-	char **tmp_roles = (char**) malloc(tmp_nroles * sizeof(char*));
-	char **ptr;
-	size_t i;
-	if (!tmp_roles) 
-		goto omem;
-
-	for (i =0; i < tmp_nroles; i++) {
-		tmp_roles[i] = strdup(policydb->p_role_val_to_name[i]);
-		if (!tmp_roles[i]) 
-			goto omem;
-	}	 
-
-	*nroles = tmp_nroles;
-	*roles = tmp_roles;
-
-        return STATUS_SUCCESS;
-
-	omem:
-	DEBUG(__FUNCTION__, "out of memory, could not "
-		"allocate list of valid roles\n");
-	
-	ptr = tmp_roles;
-	while (ptr && *ptr) 
-		free(*ptr++);
-	free(tmp_roles);
-	return STATUS_ERR;
-}
