Re: [PATCH v2 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-19 Thread Stephen Smalley
On Fri, 2017-05-19 at 01:25 +0300, Dan Jurgens wrote:
> From: Daniel Jurgens 
> 
> Update libsepol and libsemanage to work with pkey records. Add local
> storage for new and modified pkey records in pkeys.local. Update
> semanage
> to parse the pkey command options to add, modify, and delete pkeys.
> 
> Signed-off-by: Daniel Jurgens 
> 
> ---
> v1:
> Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow
> in
> seobject.py
> 
> Stephen Smalley:
> - Subnet prefix can't vary in size always 16 bytes, remove size
> field.
> - Removed extraneous change in libsepol/VERSION
> - Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
> - Got rid of magic constant for subnet prefix size.
> 
> Jason Zaman:
> - Use SETools directly to query types in seobject.py.
> 
> v2:
> Jason Zaman:
> - Use set instead of sorted for valid_types.
> 
> Stephen Smalley:
> - Fix semanage when ibpkey_type attribute isn't defined.
> - Store subnet prefix in 8 bytes.
> - Removed a missed #if DARWIN
> - Use sizeof(struct in6_addr) vs a define.
> ---
>  libsemanage/include/semanage/ibpkey_record.h  |  74 +
>  libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
>  libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
>  libsemanage/include/semanage/semanage.h   |   3 +
>  libsemanage/src/direct_api.c  |  29 +-
>  libsemanage/src/handle.h  |  36 ++-
>  libsemanage/src/ibpkey_internal.h |  52 +++
>  libsemanage/src/ibpkey_record.c   | 185 +++
>  libsemanage/src/ibpkeys_file.c| 181 +++
>  libsemanage/src/ibpkeys_local.c   | 179 +++
>  libsemanage/src/ibpkeys_policy.c  |  52 +++
>  libsemanage/src/ibpkeys_policydb.c|  62 
>  libsemanage/src/libsemanage.map   |   1 +
>  libsemanage/src/policy_components.c   |   5 +-
>  libsemanage/src/semanage_store.c  |   1 +
>  libsemanage/src/semanage_store.h  |   1 +
>  libsemanage/src/semanageswig.i|   3 +
>  libsemanage/src/semanageswig_python.i |  43 +++
>  libsemanage/utils/semanage_migrate_store  |   3 +-
>  libsepol/include/sepol/ibpkey_record.h|  77 +
>  libsepol/include/sepol/ibpkeys.h  |  44 +++
>  libsepol/include/sepol/sepol.h|   2 +
>  libsepol/src/ibpkey_internal.h|  21 ++
>  libsepol/src/ibpkey_record.c  | 445
> ++
>  libsepol/src/ibpkeys.c| 269 
>  python/semanage/semanage  |  60 +++-
>  python/semanage/seobject.py   | 255 +++
>  27 files changed, 2131 insertions(+), 16 deletions(-)
>  create mode 100644 libsemanage/include/semanage/ibpkey_record.h
>  create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
>  create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
>  create mode 100644 libsemanage/src/ibpkey_internal.h
>  create mode 100644 libsemanage/src/ibpkey_record.c
>  create mode 100644 libsemanage/src/ibpkeys_file.c
>  create mode 100644 libsemanage/src/ibpkeys_local.c
>  create mode 100644 libsemanage/src/ibpkeys_policy.c
>  create mode 100644 libsemanage/src/ibpkeys_policydb.c
>  create mode 100644 libsepol/include/sepol/ibpkey_record.h
>  create mode 100644 libsepol/include/sepol/ibpkeys.h
>  create mode 100644 libsepol/src/ibpkey_internal.h
>  create mode 100644 libsepol/src/ibpkey_record.c
>  create mode 100644 libsepol/src/ibpkeys.c

> diff --git a/libsepol/src/ibpkey_record.c
> b/libsepol/src/ibpkey_record.c
> new file mode 100644
> index ..c551f411
> --- /dev/null
> +++ b/libsepol/src/ibpkey_record.c
> @@ -0,0 +1,445 @@
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +#include "ibpkey_internal.h"
> +#include "context_internal.h"
> +#include "debug.h"
> +
> +struct sepol_ibpkey {
> + /* Subnet prefix */
> + char *subnet_prefix;

Why not just struct in6_addr or even just uint64_t and only store the
first two words as in struct ocontext?  
 
> +
> + /* Low - High range. Same for single ibpkeys. */
> + int low, high;
> +
> + /* Context */
> + sepol_context_t *con;
> +};
> +
> +struct sepol_ibpkey_key {
> + /* Subnet prefix */
> + char *subnet_prefix;
> +
> + /* Low - High range. Same for single ibpkeys. */
> + int low, high;
> +};
> +
> +/* Converts a string represtation (subnet_prefix_str)
> + * to a numeric representation (subnet_prefix_bytes)
> + */
> +static int ibpkey_parse_subnet_prefix(sepol_handle_t *handle,
> +   const char *subnet_prefix_str,
> +   char *subnet_prefix_bytes)
> +{
> + struct in6_addr in_addr;
> +
> + if (inet_pton(AF_INET6, subnet_prefix_str, &in_addr) <= 0) {
> + ERR(handle, "could not parse IPv6 address for ibpkey
> subnet prefix %s: %s",
> + 

[PATCH v2 7/9] semanage: Update semanage to allow runtime labeling of Infiniband Pkeys

2017-05-18 Thread Dan Jurgens
From: Daniel Jurgens 

Update libsepol and libsemanage to work with pkey records. Add local
storage for new and modified pkey records in pkeys.local. Update semanage
to parse the pkey command options to add, modify, and delete pkeys.

Signed-off-by: Daniel Jurgens 

---
v1:
Fixed semanage_pkey_exists -> semanage_ibpkey_exists in delete flow in
seobject.py

Stephen Smalley:
- Subnet prefix can't vary in size (it is always 16 bytes); remove size field.
- Removed extraneous change in libsepol/VERSION
- Removed ifdef DARWIN s6_addr/32 blocks in favor of s6_addr.
- Got rid of magic constant for subnet prefix size.

Jason Zaman:
- Use SETools directly to query types in seobject.py.

v2:
Jason Zaman:
- Use set instead of sorted for valid_types.

Stephen Smalley:
- Fix semanage when ibpkey_type attribute isn't defined.
- Store subnet prefix in 8 bytes.
- Removed a missed #if DARWIN
- Use sizeof(struct in6_addr) vs a define.
---
 libsemanage/include/semanage/ibpkey_record.h  |  74 +
 libsemanage/include/semanage/ibpkeys_local.h  |  36 +++
 libsemanage/include/semanage/ibpkeys_policy.h |  28 ++
 libsemanage/include/semanage/semanage.h   |   3 +
 libsemanage/src/direct_api.c  |  29 +-
 libsemanage/src/handle.h  |  36 ++-
 libsemanage/src/ibpkey_internal.h |  52 +++
 libsemanage/src/ibpkey_record.c   | 185 +++
 libsemanage/src/ibpkeys_file.c| 181 +++
 libsemanage/src/ibpkeys_local.c   | 179 +++
 libsemanage/src/ibpkeys_policy.c  |  52 +++
 libsemanage/src/ibpkeys_policydb.c|  62 
 libsemanage/src/libsemanage.map   |   1 +
 libsemanage/src/policy_components.c   |   5 +-
 libsemanage/src/semanage_store.c  |   1 +
 libsemanage/src/semanage_store.h  |   1 +
 libsemanage/src/semanageswig.i|   3 +
 libsemanage/src/semanageswig_python.i |  43 +++
 libsemanage/utils/semanage_migrate_store  |   3 +-
 libsepol/include/sepol/ibpkey_record.h|  77 +
 libsepol/include/sepol/ibpkeys.h  |  44 +++
 libsepol/include/sepol/sepol.h|   2 +
 libsepol/src/ibpkey_internal.h|  21 ++
 libsepol/src/ibpkey_record.c  | 445 ++
 libsepol/src/ibpkeys.c| 269 
 python/semanage/semanage  |  60 +++-
 python/semanage/seobject.py   | 255 +++
 27 files changed, 2131 insertions(+), 16 deletions(-)
 create mode 100644 libsemanage/include/semanage/ibpkey_record.h
 create mode 100644 libsemanage/include/semanage/ibpkeys_local.h
 create mode 100644 libsemanage/include/semanage/ibpkeys_policy.h
 create mode 100644 libsemanage/src/ibpkey_internal.h
 create mode 100644 libsemanage/src/ibpkey_record.c
 create mode 100644 libsemanage/src/ibpkeys_file.c
 create mode 100644 libsemanage/src/ibpkeys_local.c
 create mode 100644 libsemanage/src/ibpkeys_policy.c
 create mode 100644 libsemanage/src/ibpkeys_policydb.c
 create mode 100644 libsepol/include/sepol/ibpkey_record.h
 create mode 100644 libsepol/include/sepol/ibpkeys.h
 create mode 100644 libsepol/src/ibpkey_internal.h
 create mode 100644 libsepol/src/ibpkey_record.c
 create mode 100644 libsepol/src/ibpkeys.c

diff --git a/libsemanage/include/semanage/ibpkey_record.h 
b/libsemanage/include/semanage/ibpkey_record.h
new file mode 100644
index ..59d5ff4a
--- /dev/null
+++ b/libsemanage/include/semanage/ibpkey_record.h
@@ -0,0 +1,74 @@
+/* Copyright (C) 2017 Mellanox Technologies Inc */
+
+#ifndef _SEMANAGE_IBPKEY_RECORD_H_
+#define _SEMANAGE_IBPKEY_RECORD_H_
+
+#include 
+#include 
+#include 
+
+#ifndef _SEMANAGE_IBPKEY_DEFINED_
+struct semanage_ibpkey;
+struct semanage_ibpkey_key;
+typedef struct semanage_ibpkey semanage_ibpkey_t;
+typedef struct semanage_ibpkey_key semanage_ibpkey_key_t;
+#define _SEMANAGE_IBPKEY_DEFINED_
+#endif
+
+extern int semanage_ibpkey_compare(const semanage_ibpkey_t *ibpkey,
+  const semanage_ibpkey_key_t *key);
+
+extern int semanage_ibpkey_compare2(const semanage_ibpkey_t *ibpkey,
+   const semanage_ibpkey_t *ibpkey2);
+
+extern int semanage_ibpkey_key_create(semanage_handle_t *handle,
+ const char *subnet_prefix,
+ int low, int high,
+ semanage_ibpkey_key_t **key_ptr);
+
+extern int semanage_ibpkey_key_extract(semanage_handle_t *handle,
+  const semanage_ibpkey_t *ibpkey,
+  semanage_ibpkey_key_t **key_ptr);
+
+extern void semanage_ibpkey_key_free(semanage_ibpkey_key_t *key);
+
+extern int semanage_ibpkey_get_subnet_prefix(semanage_handle_t *handle,
+const semanage_ibpkey_t *ibpkey,
+