Message ID | ee13bc88daffcc4d136ed0d41ca8348ca3c16e36.1475491349.git.gary.tierney@gmx.com (mailing list archive) |
---|---|
State | Not Applicable |
On Mon, Oct 03, 2016 at 11:46:19AM +0100, Gary Tierney wrote: > Pre-expands the role and user caches used in context validation when > converting a cildb to a binary policydb. This is currently only done > when loading a binary policy and prevents context validation from > working correctly with a newly built policy (i.e., when semanage builds > a new policy and then runs genhomedircon). > > Also adds declarations for the hashtable mapping functions used: > policydb_role_cache and policydb_user_cache(). > > Signed-off-by: Gary Tierney <gary.tierney@gmx.com> > --- > libsepol/cil/src/cil_binary.c | 7 +++++++ > libsepol/include/sepol/policydb/policydb.h | 8 ++++++++ > 2 files changed, 15 insertions(+) > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > index cc73648..200101e 100644 > --- a/libsepol/cil/src/cil_binary.c > +++ b/libsepol/cil/src/cil_binary.c > @@ -4794,6 +4794,13 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p > > } > > + /* This pre-expands the roles and users for context validity checking */ > + if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb)) > + return -1; > + > + if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb)) > + return -1; > + > rc = SEPOL_OK; > > exit: > diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h > index 26cec13..d99fcf4 100644 > --- a/libsepol/include/sepol/policydb/policydb.h > +++ b/libsepol/include/sepol/policydb/policydb.h 
> @@ -608,6 +608,14 @@ extern int policydb_index_bools(policydb_t * p); > extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p, > unsigned int verbose); > > +extern int policydb_role_cache(hashtab_key_t key, > + hashtab_datum_t datum, > + void *arg); > + > +extern int policydb_user_cache(hashtab_key_t key, > + hashtab_datum_t datum, > + void *arg); > + > extern int policydb_reindex_users(policydb_t * p); > > extern void policydb_destroy(policydb_t * p); > -- > 2.4.11 > > _______________________________________________ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to Selinux-leave@tycho.nsa.gov. > To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov. Ah, that return should be a goto. Sending a v2.
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index cc73648..200101e 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -4794,6 +4794,13 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p } + /* This pre-expands the roles and users for context validity checking */ + if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb)) + return -1; + + if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb)) + return -1; + rc = SEPOL_OK; exit: diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h index 26cec13..d99fcf4 100644 --- a/libsepol/include/sepol/policydb/policydb.h +++ b/libsepol/include/sepol/policydb/policydb.h @@ -608,6 +608,14 @@ extern int policydb_index_bools(policydb_t * p); extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p, unsigned int verbose); +extern int policydb_role_cache(hashtab_key_t key, + hashtab_datum_t datum, + void *arg); + +extern int policydb_user_cache(hashtab_key_t key, + hashtab_datum_t datum, + void *arg); + extern int policydb_reindex_users(policydb_t * p); extern void policydb_destroy(policydb_t * p);
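Review bot: In the cil_binary.c hunk, both added `return -1;` statements leave cil_binary_create_allocated_pdb() without passing through the `exit:` label that follows `rc = SEPOL_OK;`, so any cleanup done under that label is skipped when hashtab_map() fails. Set rc and jump instead, for example `rc = SEPOL_ERR; goto exit;`, which also keeps the failure value in the same SEPOL_* convention as the success path rather than a bare -1.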
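Review bot: In the policydb.h hunk, policydb_role_cache() and policydb_user_cache() are declared in the header under include/sepol/policydb/ with no comment on their contract. A short comment above the two declarations should say that they are callbacks for hashtab_map() and that `arg` must point to the same policydb whose table is being mapped (both call sites in cil_binary.c pass `pdb`), since the `void *arg` parameter gives a caller no type checking.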
Pre-expands the role and user caches used in context validation when converting a cildb to a binary policydb. This is currently only done when loading a binary policy and prevents context validation from working correctly with a newly built policy (i.e., when semanage builds a new policy and then runs genhomedircon).

Also adds declarations for the hashtable mapping functions used: policydb_role_cache and policydb_user_cache().

Signed-off-by: Gary Tierney <gary.tierney@gmx.com>

---
libsepol/cil/src/cil_binary.c | 7 +++++++
libsepol/include/sepol/policydb/policydb.h | 8 ++++++++
2 files changed, 15 insertions(+)