From patchwork Mon Oct 3 10:46:19 2016
X-Patchwork-Submitter: Gary Tierney
X-Patchwork-Id: 9360421
From: Gary Tierney
To: selinux@tycho.nsa.gov
Subject: [PATCH 1/1] libsepol/cil: create user and role caches when building binary policy
Date: Mon, 3 Oct 2016 11:46:19 +0100
X-Mailer: git-send-email 2.4.11

Pre-expands the role and user caches used in context validation when
converting a cildb to a binary policydb. This is currently only done when
loading a binary policy and prevents context validation from working
correctly with a newly built policy (i.e., when semanage builds a new
policy and then runs genhomedircon).

Also adds declarations for the hashtable mapping functions used: policydb_role_cache and policydb_user_cache(). Signed-off-by: Gary Tierney --- libsepol/cil/src/cil_binary.c | 7 +++++++ libsepol/include/sepol/policydb/policydb.h | 8 ++++++++ 2 files changed, 15 insertions(+) diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index cc73648..200101e 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -4794,6 +4794,13 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p } + /* This pre-expands the roles and users for context validity checking */ + if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb)) + return -1; + + if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb)) + return -1; + rc = SEPOL_OK; exit: diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h index 26cec13..d99fcf4 100644 --- a/libsepol/include/sepol/policydb/policydb.h +++ b/libsepol/include/sepol/policydb/policydb.h @@ -608,6 +608,14 @@ extern int policydb_index_bools(policydb_t * p); extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p, unsigned int verbose); +extern int policydb_role_cache(hashtab_key_t key, + hashtab_datum_t datum, + void *arg); + +extern int policydb_user_cache(hashtab_key_t key, + hashtab_datum_t datum, + void *arg); + extern int policydb_reindex_users(policydb_t * p); extern void policydb_destroy(policydb_t * p);
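
Review bot: In the libsepol/cil/src/cil_binary.c hunk, both new error paths use `return -1;` directly above `rc = SEPOL_OK; exit:`, so a failure in either hashtab_map() call skips whatever follows the exit label and returns a bare -1 instead of going through rc. Suggest `rc = hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb); if (rc != SEPOL_OK) goto exit;` and the same for pdb->p_users.table, so the function keeps a single exit path.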
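
Review bot: In the libsepol/include/sepol/policydb/policydb.h hunk, policydb_role_cache() and policydb_user_cache() are declared in a header under include/sepol with no comment saying they are hashtab_map() callbacks or that arg is expected to be the policydb (the call sites in cil_binary.c pass pdb); a short comment above the two declarations would cover it. The diffstat lists only cil_binary.c and policydb.h, so also confirm the definitions already have external linkage, since nothing in this patch changes them.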