[PATCH 1/5] libselinux: rename existing name<->value functions for compat

[PATCH 1/5] libselinux: rename existing name<->value functions for compat

[Christopher J. PeBenito]

Rename existing object class and av perm value->string and string->value functions
to internal compatibility functions.

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>

---
 libselinux/src/stringrep.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Index: selinux-obj-class-discovery/libselinux/src/stringrep.c
===================================================================
--- selinux-obj-class-discovery.orig/libselinux/src/stringrep.c
+++ selinux-obj-class-discovery/libselinux/src/stringrep.c
@@ -144,7 +144,7 @@ static const struct av_inherit {
 #define NCLASSES ARRAY_SIZE(class_to_string)
 #define NVECTORS ARRAY_SIZE(av_perm_to_string)
 
-security_class_t string_to_security_class(const char *s)
+static security_class_t string_to_security_class_compat(const char *s)
 {
 	unsigned int val;
 
@@ -163,7 +163,7 @@ security_class_t string_to_security_clas
 	return 0;
 }
 
-access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
+static access_vector_t string_to_av_perm_compat(security_class_t tclass, const char *s)
 {
 	const uint16_t *common_pts_idx = 0;
 	access_vector_t perm, common_base = 0;
@@ -200,13 +200,13 @@ access_vector_t string_to_av_perm(securi
 	return 0;
 }
 
-const char *security_class_to_string(security_class_t tclass)
+static const char *security_class_to_string_compat(security_class_t tclass)
 {
 	tclass = (tclass > 0 && tclass < NCLASSES) ? tclass : 0;
 	return class_to_string_data.str + class_to_string[tclass];
 }
 
-const char *security_av_perm_to_string(security_class_t tclass,
+static const char *security_av_perm_to_string_compat(security_class_t tclass,
 				       access_vector_t av)
 {
 	const uint16_t *common_pts_idx = 0;


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 1/5] libselinux: rename existing name<->value functions for compat

[Eamon Walsh]

Christopher J. PeBenito wrote:

[snip]

> -const char *security_class_to_string(security_class_t tclass)
> +static const char *security_class_to_string_compat(security_class_t tclass)
>  {
>  	tclass = (tclass > 0 && tclass < NCLASSES) ? tclass : 0;
>  	return class_to_string_data.str + class_to_string[tclass];
>  }
>  

This will have to be rebased to the errno patch r2463 in trunk.  Also, 
the behavior should be identical on the new functions (return EINVAL in 
the same manner).

This patchset should go in prior to the mapping patchset I posted today.



-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 1/5] libselinux: rename existing name<->value functions for compat

[Joshua Brindle]

Eamon Walsh wrote:
> Christopher J. PeBenito wrote:
> 
> [snip]
> 
>> -const char *security_class_to_string(security_class_t tclass)
>> +static const char *security_class_to_string_compat(security_class_t 
>> tclass)
>>  {
>>      tclass = (tclass > 0 && tclass < NCLASSES) ? tclass : 0;
>>      return class_to_string_data.str + class_to_string[tclass];
>>  }
>>  
> 
> This will have to be rebased to the errno patch r2463 in trunk.  Also, 
> the behavior should be identical on the new functions (return EINVAL in 
> the same manner).
> 
> This patchset should go in prior to the mapping patchset I posted today.
> 

Has anyone stacked these patches yet to see if they integrate as 
expected? I assume they will since Chris' patches just change the 
interfaces that you were using to obtain the kernel values.

This seems to have worked out well assuming the integration fell out 
naturally :)


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH 1/5] libselinux: rename existing name<->value functions for compat

[Eamon Walsh]

Joshua Brindle wrote:
> Eamon Walsh wrote:
>> Christopher J. PeBenito wrote:
>>
>> [snip]
>>
>>> -const char *security_class_to_string(security_class_t tclass)
>>> +static const char *security_class_to_string_compat(security_class_t 
>>> tclass)
>>>  {
>>>      tclass = (tclass > 0 && tclass < NCLASSES) ? tclass : 0;
>>>      return class_to_string_data.str + class_to_string[tclass];
>>>  }
>>>  
>> This will have to be rebased to the errno patch r2463 in trunk.  Also, 
>> the behavior should be identical on the new functions (return EINVAL in 
>> the same manner).
>>
>> This patchset should go in prior to the mapping patchset I posted today.
>>
> 
> Has anyone stacked these patches yet to see if they integrate as 
> expected? I assume they will since Chris' patches just change the 
> interfaces that you were using to obtain the kernel values.

For users, the interfaces have to work with the mapped values, so I have 
to go into the new string_to_foo()/foo_to_string() functions and add 
map_foo()/unmap_foo() calls.  Probably the best way to do this would be 
to store the mapped values in the discover_class nodes so that the 
conversions would only be done when selinuxfs is queried.

Also, I just realized that when a mapping is set, the caches have to be 
flushed.


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH 1/5] libselinux: rename existing name<->value functions for compat

[Christopher J. PeBenito]

Rename existing object class and av perm value->string and string->value functions
to internal compatibility functions.

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>

---
 libselinux/src/stringrep.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Index: selinux-obj-class-discovery/libselinux/src/stringrep.c
===================================================================
--- selinux-obj-class-discovery.orig/libselinux/src/stringrep.c
+++ selinux-obj-class-discovery/libselinux/src/stringrep.c
@@ -144,7 +144,7 @@ static const struct av_inherit {
 #define NCLASSES ARRAY_SIZE(class_to_string)
 #define NVECTORS ARRAY_SIZE(av_perm_to_string)
 
-security_class_t string_to_security_class(const char *s)
+static security_class_t string_to_security_class_compat(const char *s)
 {
 	unsigned int val;
 
@@ -164,7 +164,7 @@ security_class_t string_to_security_clas
 	return 0;
 }
 
-access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
+static access_vector_t string_to_av_perm_compat(security_class_t tclass, const char *s)
 {
 	const uint16_t *common_pts_idx = 0;
 	access_vector_t perm, common_base = 0;
@@ -202,7 +202,7 @@ access_vector_t string_to_av_perm(securi
 	return 0;
 }
 
-const char *security_class_to_string(security_class_t tclass)
+static const char *security_class_to_string_compat(security_class_t tclass)
 {
 	if (tclass > 0 && tclass < NCLASSES)
 		return class_to_string_data.str + class_to_string[tclass];
@@ -211,7 +211,7 @@ const char *security_class_to_string(sec
 	return NULL;
 }
 
-const char *security_av_perm_to_string(security_class_t tclass,
+static const char *security_av_perm_to_string_compat(security_class_t tclass,
 				       access_vector_t av)
 {
 	const uint16_t *common_pts_idx = 0;


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.