[ SEMANAGE ] Fix hidden declarations

[ SEMANAGE ] Fix hidden declarations

[Ivan Gyurdiev]

[-- Attachment #1: Type: text/plain, Size: 643 bytes --]

The hidden declarations are still a mystery to me. They are present in 
half the functions, and missing in the other half. I'm sure there's a 
reason for this, but since I don't quite understand the pattern, I'll 
leave them alone. There's no hidden declarations for _local.c, and 
_policy.c, and they are missing for some of the functions in _record.c.

This patch:

- removes the hidden proto for sepol_user_exists(), and 
sepol_seuser_iterate(), which make those functions invisible (no 
hidden_def, not sure if one should be added).

- changes two cases of hidden_proto in iface_record.c to hidden_def, 
because that just looks wrong.





[-- Attachment #2: libsemanage.hidden_fix.diff --]
[-- Type: text/x-patch, Size: 1939 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsemanage/src/iface_record.c new/libsemanage/src/iface_record.c
--- old/libsemanage/src/iface_record.c	2005-11-08 09:32:57.000000000 -0500
+++ new/libsemanage/src/iface_record.c	2005-11-09 18:05:51.000000000 -0500
@@ -115,14 +115,14 @@ int semanage_iface_clone(
 
 	return sepol_iface_clone(handle->sepolh, iface, iface_ptr);
 }
-hidden_proto(semanage_iface_clone)
+hidden_def(semanage_iface_clone)
 
 void semanage_iface_free(
 	semanage_iface_t* iface) {
 
 	sepol_iface_free(iface);
 }
-hidden_proto(semanage_iface_free)
+hidden_def(semanage_iface_free)
 
 /* Record base functions */
 record_table_t SEMANAGE_IFACE_RTABLE = {
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsemanage/src/seuser_internal.h new/libsemanage/src/seuser_internal.h
--- old/libsemanage/src/seuser_internal.h	2005-11-08 09:32:57.000000000 -0500
+++ new/libsemanage/src/seuser_internal.h	2005-11-09 18:04:27.000000000 -0500
@@ -9,7 +9,6 @@ hidden_proto(semanage_seuser_free)
 hidden_proto(semanage_seuser_get_mlsrange)
 hidden_proto(semanage_seuser_get_name)
 hidden_proto(semanage_seuser_get_sename)
-hidden_proto(semanage_seuser_iterate)
 hidden_proto(semanage_seuser_key_create)
 hidden_proto(semanage_seuser_key_extract)
 hidden_proto(semanage_seuser_key_free)
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsemanage/src/user_internal.h new/libsemanage/src/user_internal.h
--- old/libsemanage/src/user_internal.h	2005-11-08 09:32:57.000000000 -0500
+++ new/libsemanage/src/user_internal.h	2005-11-09 18:04:11.000000000 -0500
@@ -7,7 +7,6 @@ hidden_proto(semanage_user_add_role)
 hidden_proto(semanage_user_clone)
 hidden_proto(semanage_user_compare)
 hidden_proto(semanage_user_create)
-hidden_proto(semanage_user_exists)
 hidden_proto(semanage_user_free)
 hidden_proto(semanage_user_get_defrole)
 hidden_proto(semanage_user_get_mlslevel)

Re: [ SEMANAGE ] Fix hidden declarations

[Stephen Smalley]

[-- Attachment #1: Type: text/plain, Size: 1780 bytes --]

On Wed, 2005-11-09 at 18:17 -0500, Ivan Gyurdiev wrote:
> The hidden declarations are still a mystery to me. They are present in 
> half the functions, and missing in the other half. I'm sure there's a 
> reason for this, but since I don't quite understand the pattern, I'll 
> leave them alone. There's no hidden declarations for _local.c, and 
> _policy.c, and they are missing for some of the functions in _record.c.

Explanation:  Whenever you use an exported symbol from within the DSO,
by default, interposition on the symbol is possible even for the
references within the DSO, i.e. you can override the internal definition
via another DSO.  Therefore, a relocation is required for the local
symbol reference.  This has a cost and is rarely what you want.  Thus,
by introducing hidden_proto()/hidden_def(), you create an internal
definition for all internal references that is not interposable and does
not require relocations.  This only affects exported symbols you are
calling from within the DSO itself.

> This patch:
> 
> - removes the hidden proto for sepol_user_exists(), and 
> sepol_seuser_iterate(), which make those functions invisible (no 
> hidden_def, not sure if one should be added).

No, this re-introduces relocations on those symbols (actually semanage_,
not sepol_).  Correct fix is to add hidden_defs for these symbols, not
to remove the hidden_protos.  If you had run relinfo.pl (attached) on
the .so file after applying your patch, you would have seen that it
yielded relocations on local syms.  Or you could just run readelf -r on
the .so file and grep for semanage_ prefix.

> - changes two cases of hidden_proto in iface_record.c to hidden_def, 
> because that just looks wrong.

Yes, that was a bug.

-- 
Stephen Smalley
National Security Agency

[-- Attachment #2: relinfo.pl --]
[-- Type: application/x-perl, Size: 2383 bytes --]

Re: [ SEMANAGE ] Fix hidden declarations

[Stephen Smalley]

On Thu, 2005-11-10 at 08:22 -0500, Stephen Smalley wrote:
> > This patch:
> > 
> > - removes the hidden proto for sepol_user_exists(), and 
> > sepol_seuser_iterate(), which make those functions invisible (no 
> > hidden_def, not sure if one should be added).
> 
> No, this re-introduces relocations on those symbols (actually semanage_,
> not sepol_).  Correct fix is to add hidden_defs for these symbols, not
> to remove the hidden_protos.  If you had run relinfo.pl (attached) on
> the .so file after applying your patch, you would have seen that it
> yielded relocations on local syms.  Or you could just run readelf -r on
> the .so file and grep for semanage_ prefix.
> 
> > - changes two cases of hidden_proto in iface_record.c to hidden_def, 
> > because that just looks wrong.
> 
> Yes, that was a bug.

Merged with the above issue corrected.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.