From: Ivan Gyurdiev <ivg2@cornell.edu>
To: SELinux List <SELinux@tycho.nsa.gov>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Subject: [ SEPOL ] Add sepol_policydb_mls_enabled, organize map file
Date: Sat, 12 Nov 2005 16:22:40 -0500 [thread overview]
Message-ID: <43765D20.9070200@cornell.edu> (raw)
[-- Attachment #1: Type: text/plain, Size: 1149 bytes --]
Changes:
- adds new function to check if policydb is mls enabled (target is
libsemanage: user/seuser/context parsers)
- marks sepol_module_package_init static (not used outside that file/not
exported)
- removes sepol_ prefix on two module functions that are not exported
(init, read_offsets)
- use wildcards in more places in the map file, to make it a bit more
organized. Enforce "_" after suffix, and organize things by the objects
being managed.
I like that the change makes it easy to see which functions are not
following proper namespace/convention. Also, it's easy to see when API's
being changed (marked with sepol_). Also, makes names shorter (but if not
marked static, this could be a namespace problem for static linking).
Also, allows grep for exported functions for each object.
On the other hand, with wildcards things can be exported by mistake in
the future - not sure if that's a significant problem. You could argue
against this change, but then I don't understand why many functions were
marked hidden in services.c. Either we should or should not use
wildcards - I don't care which, but it should be consistent.
[-- Attachment #2: libsepol.mls_enabled.diff --]
[-- Type: text/x-patch, Size: 4584 bytes --]
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsepol/include/sepol/policydb.h new/libsepol/include/sepol/policydb.h
--- old/libsepol/include/sepol/policydb.h 2005-10-18 10:08:39.000000000 -0400
+++ new/libsepol/include/sepol/policydb.h 2005-11-12 15:42:20.000000000 -0500
@@ -123,6 +123,12 @@ extern int sepol_policydb_to_image(sepol
sepol_policydb_t *p,
void **newdata,
size_t *newlen);
+/*
+ * Check if this policy is MLS-enabled.
+ * Return 1 if enabled, 0 otherwise.
+ */
+extern int sepol_policydb_mls_enabled(
+ sepol_policydb_t *p);
#endif
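Review bot: The new declaration takes `sepol_policydb_t *p` although the function only reads the policy, so the parameter can be const: `extern int sepol_policydb_mls_enabled(const sepol_policydb_t *p);`, with the same change in the definition in policydb_public.c. The comment should also say that p must be non-NULL, because the definition added later in this patch dereferences it without a check.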
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsepol/src/libsepol.map new/libsepol/src/libsepol.map
--- old/libsepol/src/libsepol.map 2005-11-08 12:10:25.000000000 -0500
+++ new/libsepol/src/libsepol.map 2005-11-12 15:46:04.000000000 -0500
@@ -1,26 +1,14 @@
{
global:
- sepol_genbools*; sepol_set_policydb_from_file; sepol_check_context; sepol_genusers; sepol_debug;
- sepol_policy_file_create; sepol_policy_file_free;
- sepol_policy_file_set_mem; sepol_policy_file_set_fp;
- sepol_policy_file_get_len; sepol_policy_file_set_handle;
- sepol_policydb_create; sepol_policydb_free;
- sepol_policy_kern_vers_min; sepol_policy_kern_vers_max;
- sepol_policydb_set_typesvers; sepol_policydb_set_vers;
- sepol_policydb_read; sepol_policydb_write;
- sepol_policydb_from_image; sepol_policydb_to_image;
- sepol_module_package_create; sepol_module_package_free;
- sepol_module_package_get_file_contexts;
- sepol_module_package_get_file_contexts_len;
- sepol_module_package_set_file_contexts;
- sepol_module_package_get_policy;
- sepol_link_packages;
- sepol_module_package_read; sepol_module_package_info;
- sepol_module_package_write;
- sepol_link_modules; sepol_expand_module;
- sepol_bool*; sepol_context*;
- sepol_iface*; sepol_user*;
- sepol_set_delusers;
- sepol_msg_*; sepol_handle_*;
+ sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages;
+ sepol_bool_*; sepol_genbools*;
+ sepol_context*; sepol_check_context;
+ sepol_iface_*;
+ sepol_user_*; sepol_genusers; sepol_set_delusers;
+ sepol_msg_*; sepol_debug;
+ sepol_handle_*;
+ sepol_policydb_*; sepol_set_policydb_from_file;
+ sepol_policy_kern_*;
+ sepol_policy_file_*;
local: *;
};
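Review bot: Patterns such as `sepol_policydb_*`, `sepol_module_package_*` and `sepol_policy_file_*` export every non-static function with that prefix unless it is marked hidden, so an internal helper added later becomes ABI without anyone touching this file. A comment above `global:` would record the rule, for example `/* Wildcards export every matching non-static symbol; internal helpers must be static or hidden. */`. In the other direction, tightening `sepol_bool*`, `sepol_iface*` and `sepol_user*` to the `_`-anchored forms drops any previously exported name that lacks the underscore; comparing the dynamic symbol table of the old and new library would confirm nothing was lost. `sepol_context*` and `sepol_genbools*` are still unanchored, which is inconsistent with the stated convention.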
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsepol/src/module.c new/libsepol/src/module.c
--- old/libsepol/src/module.c 2005-11-01 17:32:59.000000000 -0500
+++ new/libsepol/src/module.c 2005-11-12 15:39:04.000000000 -0500
@@ -72,7 +72,7 @@ static size_t policy_file_length(struct
}
}
-int sepol_module_package_init(sepol_module_package_t *p)
+static int module_package_init(sepol_module_package_t *p)
{
memset(p, 0, sizeof(sepol_module_package_t));
if (sepol_policydb_create(&p->policy))
@@ -88,7 +88,7 @@ int sepol_module_package_create(sepol_mo
*p = calloc(1, sizeof(sepol_module_package_t));
if (!(*p))
return -1;
- return sepol_module_package_init(*p);
+ return module_package_init(*p);
}
hidden_def(sepol_module_package_create)
@@ -235,7 +235,7 @@ static int read_helper(char *buf, struct
/* Get the section offsets from a package file, offsets will be malloc'd to
* the appropriate size and the caller must free() them */
-static int sepol_module_package_read_offsets(sepol_module_package_t *mod,
+static int module_package_read_offsets(sepol_module_package_t *mod,
struct policy_file *file, size_t **offsets)
{
uint32_t *buf;
@@ -296,7 +296,7 @@ int sepol_module_package_read(sepol_modu
int retval = -1;
unsigned i, seen = 0;
- if (sepol_module_package_read_offsets(mod, file, &offsets))
+ if (module_package_read_offsets(mod, file, &offsets))
return -1;
/* we know the section offsets, seek to them and read in the data */
@@ -390,7 +390,7 @@ int sepol_module_package_info(struct sep
if (sepol_module_package_create(&mod))
return -1;
- if (sepol_module_package_read_offsets(mod, file, &offsets)) {
+ if (module_package_read_offsets(mod, file, &offsets)) {
goto cleanup;
}
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION old/libsepol/src/policydb_public.c new/libsepol/src/policydb_public.c
--- old/libsepol/src/policydb_public.c 2005-11-01 17:32:59.000000000 -0500
+++ new/libsepol/src/policydb_public.c 2005-11-12 15:44:02.000000000 -0500
@@ -159,3 +159,9 @@ int sepol_policydb_to_image(sepol_handle
return policydb_to_image(handle, &p->p, newdata, newlen);
}
+int sepol_policydb_mls_enabled(
+ sepol_policydb_t *p) {
+
+ return p->p.mls;
+}
+
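Review bot: `return p->p.mls;` passes the raw field through, while the header comment added in this patch promises exactly 1 or 0. The field's type is not visible in this hunk; if it can ever hold another non-zero value, a caller testing the result with `== 1` would treat an MLS policy as non-MLS, which matters for the user and context parsers this function is meant for. `return p->p.mls != 0;` makes the documented contract hold whatever the field contains.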