From: Stephen Smalley <sds@tycho.nsa.gov>
To: Richard Haines <richard_c_haines@btinternet.com>, selinux@tycho.nsa.gov
Subject: Re: [PATCH] libselinux: Enhance file context support
Date: Mon, 15 Jun 2015 10:20:35 -0400 [thread overview]
Message-ID: <557EDF33.5060707@tycho.nsa.gov> (raw)
In-Reply-To: <1434371592-2694-1-git-send-email-richard_c_haines@btinternet.com>
On 06/15/2015 08:33 AM, Richard Haines wrote:
> Update file contexts generation and loading to use common code. Also fix
> to correct sort order.
>
> The file labeling code has also had minor formatting, white space
> removal etc. changes.
>
> These changes bring file context processing in line with Android [1]
> apart from some minor build differences.
>
> label_file.c - Move process_line function to label_file.h
> sefcontext_compile.c - Update to use common process_line code. Now frees
> all malloc'ed memory, checked by valgrind. Also added optional -o output
> file parameter - updated man page to reflect this change.
>
> [1] https://android-review.googlesource.com/#/c/153580/
>
> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
> ---
> libselinux/man/man8/sefcontext_compile.8 | 49 +++++-
> libselinux/src/label_file.c | 171 +++-----------------
> libselinux/src/label_file.h | 156 +++++++++++++++++-
> libselinux/src/label_internal.h | 2 +-
> libselinux/utils/sefcontext_compile.c | 268 ++++++++++++++++---------------
> 5 files changed, 354 insertions(+), 292 deletions(-)
>
> diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
> index 60aae66..1d6c36e 100644
> --- a/libselinux/src/label_file.c
> +++ b/libselinux/src/label_file.c
<snip>
> - if (strcmp(context, "<<none>>") && rec->validating)
> - compat_validate(rec, &spec_arr[nspec].lr, path, lineno);
Before, we called compat_validate(), which first checks the legacy
callbacks for set_matchpathcon_*() and then calls selabel_validate() if
those are not set.
> diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h
> index a8d1e51..814b4de 100644
> --- a/libselinux/src/label_file.h
> +++ b/libselinux/src/label_file.h
> @@ -3,6 +3,7 @@
> + if (strcmp(context, "<<none>>") && rec->validating) {
> + if (selabel_validate(rec, &spec_arr[nspec].lr) < 0) {
After, we call selabel_validate() directly.
prev parent reply other threads:[~2015-06-15 14:20 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 12:33 [PATCH] libselinux: Enhance file context support Richard Haines
2015-06-15 14:05 ` Stephen Smalley
2015-06-15 14:26 ` Richard Haines
2015-06-15 14:20 ` Stephen Smalley [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=557EDF33.5060707@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=richard_c_haines@btinternet.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.