RE: [PATCH] [RFC] nodups_specs: speedup

2016-10-19 Thread Roberts, William C
Following up on:
http://marc.info/?l=selinux=147249024230263=2

The speedup only occurs when you have things with very long
and common prefixes that cause strcmp() to run for long periods.

Under actual use cases, like refpolicy and Android, no measurable speedup was
discovered.

Unless anyone else has a use that they would like analyzed, I'll consider this
dead.

-- Bill

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.


Re: [PATCH] libsepol: cil: cil_strpool: Allow multiple strpool users.

2016-10-19 Thread James Carter

On 10/18/2016 05:31 PM, Daniel Cashman wrote:

From: dcashman 

cil_strpool currently provides an interface to a statically stored
global data structure.  This interface does not accommodate multiple
consumers, however, as two calls to cil_strpool_init() will lead to a
memory leak and a call to cil_strpool_destroy() by one consumer will
remove data from use by others, and subsequently lead to a segfault on
the next cil_strpool_destroy() invocation.

Add a reference counter so that the strpool is only initialized once and
protect the exported interface with a mutex.

Tested by calling cil_db_init() on two cil_dbs and then calling
cil_db_destroy() on each.

Signed-off-by: Daniel Cashman 


Applied.

Thanks,
Jim


---
 libsepol/cil/src/cil_strpool.c | 28 
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/libsepol/cil/src/cil_strpool.c b/libsepol/cil/src/cil_strpool.c
index ad2a334..5b7df8c 100644
--- a/libsepol/cil/src/cil_strpool.c
+++ b/libsepol/cil/src/cil_strpool.c
@@ -27,6 +27,7 @@
  * either expressed or implied, of Tresys Technology, LLC.
  */

+#include 
 #include 
 #include 
 #include 
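Review bot: the include added at the top of this hunk (the later `PTHREAD_MUTEX_INITIALIZER` shows it must be <pthread.h>) makes libsepol depend on the pthread library, but the diffstat says "1 file changed" and no Makefile update is in the patch; the libsepol link line, and those of consumers that link it statically, need `-pthread` (or `-lpthread`) or `pthread_mutex_lock` will be unresolved. Either include the build change here or state the new dependency in the commit message.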
@@ -40,6 +41,8 @@ struct cil_strpool_entry {
char *str;
 };

+static pthread_mutex_t cil_strpool_mutex = PTHREAD_MUTEX_INITIALIZER;
+static unsigned int cil_strpool_readers = 0;
 static hashtab_t cil_strpool_tab = NULL;

 static unsigned int cil_strpool_hash(hashtab_t h, hashtab_key_t key)
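Review bot: `cil_strpool_readers` is a misleading name: the counter is bumped by every `cil_strpool_init()` caller, and those callers write to the pool through `cil_strpool_add()`, so it is an init/destroy reference count, not a reader count. Something like `cil_strpool_refcount` with a one-line comment stating the invariant (pool freed when it drops to zero) would save the next reader from looking for a reader/writer lock that does not exist.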
@@ -68,16 +71,21 @@ char *cil_strpool_add(const char *str)
 {
struct cil_strpool_entry *strpool_ref = NULL;

+   pthread_mutex_lock(_strpool_mutex);
+
strpool_ref = hashtab_search(cil_strpool_tab, (hashtab_key_t)str);
if (strpool_ref == NULL) {
strpool_ref = cil_malloc(sizeof(*strpool_ref));
strpool_ref->str = cil_strdup(str);
int rc = hashtab_insert(cil_strpool_tab, 
(hashtab_key_t)strpool_ref->str, strpool_ref);
if (rc != SEPOL_OK) {
+   pthread_mutex_unlock(_strpool_mutex);
(*cil_mem_error_handler)();
+   pthread_mutex_lock(_strpool_mutex);
}
}

+   pthread_mutex_unlock(_strpool_mutex);
return strpool_ref->str;
 }

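Review bot: the unlock/relock around `(*cil_mem_error_handler)()` is only correct if the handler never returns; if it does return, control falls through to `return strpool_ref->str` for an entry that `hashtab_insert` rejected, leaking `strpool_ref` and its copy of the string and handing back a pointer that is not in the table, so the next `cil_strpool_add` of the same string allocates another copy and the pointer-equality guarantee the pool exists for is broken. After the handler returns, free the entry and return NULL (or document that the handler must not return and drop the relock).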
@@ -91,14 +99,26 @@ static int cil_strpool_entry_destroy(hashtab_key_t k 
__attribute__ ((unused)), h

 void cil_strpool_init(void)
 {
-   cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, 
CIL_STRPOOL_TABLE_SIZE);
+   pthread_mutex_lock(_strpool_mutex);
if (cil_strpool_tab == NULL) {
-   (*cil_mem_error_handler)();
+   cil_strpool_tab = hashtab_create(cil_strpool_hash, 
cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
+   if (cil_strpool_tab == NULL) {
+   pthread_mutex_unlock(_strpool_mutex);
+   (*cil_mem_error_handler)();
+   return;
+   }
}
+   cil_strpool_readers++;
+   pthread_mutex_unlock(_strpool_mutex);
 }

 void cil_strpool_destroy(void)
 {
-   hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
-   hashtab_destroy(cil_strpool_tab);
+   pthread_mutex_lock(_strpool_mutex);
+   cil_strpool_readers--;
+   if (cil_strpool_readers == 0) {
+   hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
+   hashtab_destroy(cil_strpool_tab);
+   }
+   pthread_mutex_unlock(_strpool_mutex);
 }
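Review bot: `cil_strpool_destroy` frees the table when the count reaches zero but never resets `cil_strpool_tab`, so the `if (cil_strpool_tab == NULL)` test in the new `cil_strpool_init` sees the stale pointer on the next init, skips `hashtab_create`, and every following `cil_strpool_add` searches and inserts into freed memory; add `cil_strpool_tab = NULL;` right after `hashtab_destroy(cil_strpool_tab);`. The decrement is also unguarded: a destroy without a matching init (which now includes the case where init took the `return` on the allocation-failure path and never incremented) wraps the unsigned counter, after which the pool is never freed; test for zero before `cil_strpool_readers--`.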




--
James Carter 
National Security Agency


Re: [PATCH 0/7] libsepol/cil: Fix bugs found by Nicolas Looss with AFL

2016-10-19 Thread James Carter

On 10/18/2016 02:58 PM, James Carter wrote:

A series of patches to fix bugs found by Nicolas Looss while fuzzing
secilc with AFL.

James Carter (7):
  libsepol/cil: Check for improper category range
  libsepol/cil: Use empty list for category expression evaluated as
empty
  libsepol/cil: Use an empty list to represent an unknown permission
  libsepol/cil: Check if identifier is NULL when verifying name
  libsepol/cil: Check that permission is not an empty list
  libsepol/cil: Verify alias in aliasactual statement is really an alias
  libsepol/cil: Verify neither child nor parent in a bounds is an
attribute

 libsepol/cil/src/cil_build_ast.c   |  7 +
 libsepol/cil/src/cil_post.c| 13 
 libsepol/cil/src/cil_resolve_ast.c | 61 +++---
 libsepol/cil/src/cil_verify.c  |  8 -
 4 files changed, 51 insertions(+), 38 deletions(-)



Applied series with Nicolas' correct last name.

--
James Carter 
National Security Agency


[PATCH] policycoreutils/gui: fix system-config-selinux editing features

2016-10-19 Thread Vit Mojzis
Return column definitions to portsPage (gui fails to load otherwise).

fcontextPage:
  "ftype" dropdown was filled from 2 sources (system-config-selinux.glade
  and fcontextPage - from seobject module) which resulted in duplicate
  and invalid options. When given to "semanage fcontext -f", ftype has to be
  converted to 1 letter argument mode.

TreeView.get_selection().get_selected() can return "None" if no item is selected
(the list can be empty). Test if correct iterator was acquired.

Fixes:
  https://bugzilla.redhat.com/show_bug.cgi?id=1344842

Signed-off-by: vmojzis 
---
 policycoreutils/gui/fcontextPage.py | 17 +
 policycoreutils/gui/portsPage.py|  6 ++
 policycoreutils/gui/semanagePage.py |  4 ++--
 policycoreutils/gui/system-config-selinux.glade |  2 +-
 4 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/policycoreutils/gui/fcontextPage.py 
b/policycoreutils/gui/fcontextPage.py
index c176de4..2e2 100644
--- a/policycoreutils/gui/fcontextPage.py
+++ b/policycoreutils/gui/fcontextPage.py
@@ -105,13 +105,6 @@ class fcontextPage(semanagePage):
 self.load()
 self.fcontextEntry = xml.get_widget("fcontextEntry")
 self.fcontextFileTypeCombo = xml.get_widget("fcontextFileTypeCombo")
-liststore = self.fcontextFileTypeCombo.get_model()
-for k in seobject.file_types:
-if len(k) > 0 and k[0] != '-':
-iter = liststore.append()
-liststore.set_value(iter, 0, k)
-iter = liststore.get_iter_first()
-self.fcontextFileTypeCombo.set_active_iter(iter)
 self.fcontextTypeEntry = xml.get_widget("fcontextTypeEntry")
 self.fcontextMLSEntry = xml.get_widget("fcontextMLSEntry")
 
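Review bot: with the seobject.file_types loop removed, the combo is populated only from system-config-selinux.glade and nothing here selects a default row any more (the deleted `set_active_iter(iter)` did that). The glade change is a single line in the diffstat, so it is worth stating in a comment at this spot that the glade list is now the only source of the file-type strings and must match the keys of `seobject.file_type_str_to_option` exactly and mark one row active; otherwise the lookups in the later hunks raise KeyError and `get_active_iter()` returns None.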
@@ -183,7 +176,7 @@ class fcontextPage(semanagePage):
 fspec = store.get_value(iter, SPEC_COL)
 ftype = store.get_value(iter, FTYPE_COL)
 self.wait()
-(rc, out) = getstatusoutput("semanage fcontext -d -f '%s' '%s'" % 
(ftype, fspec))
+(rc, out) = getstatusoutput("semanage fcontext -d -f '%s' '%s'" % 
(seobject.file_type_str_to_option[ftype], fspec))
 self.ready()
 
 if rc != 0:
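Review bot: `seobject.file_type_str_to_option[ftype]` raises KeyError when the string read from FTYPE_COL of the list (which comes from the listing, not from the combo) is not a dictionary key; a `.get()` followed by `self.error(...)` is friendlier than a traceback in a GUI. While this line is being rewritten anyway: `fspec` is interpolated into a shell string inside single quotes, so a file spec containing `'` breaks the quoting and the remainder of the string is parsed by the shell; building an argument list for `subprocess` instead of formatting a command for `getstatusoutput` removes that class of problem.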
@@ -194,14 +187,14 @@ class fcontextPage(semanagePage):
 self.error(e.args[0])
 
 def add(self):
-ftype = ["", "--", "-d", "-c", "-b", "-s", "-l", "-p"]
 fspec = self.fcontextEntry.get_text().strip()
 type = self.fcontextTypeEntry.get_text().strip()
 mls = self.fcontextMLSEntry.get_text().strip()
 list_model = self.fcontextFileTypeCombo.get_model()
-active = self.fcontextFileTypeCombo.get_active()
+it = self.fcontextFileTypeCombo.get_active_iter()
+ftype = list_model.get_value(it,0)
 self.wait()
-(rc, out) = getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' 
'%s'" % (type, mls, ftype[active], fspec))
+(rc, out) = getstatusoutput("semanage fcontext -a -t %s -r %s -f '%s' 
'%s'" % (type, mls, seobject.file_type_str_to_option[ftype], fspec))
 self.ready()
 if rc != 0:
 self.error(out)
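Review bot: `it = self.fcontextFileTypeCombo.get_active_iter()` can be None (the code that forced an active row was removed in the first hunk and nothing here guarantees the glade file sets one), and `list_model.get_value(it,0)` then raises TypeError rather than reporting anything; guard it the way deleteDialog() now guards `get_selected()`, e.g. `if it is None: self.error(_("No file type selected")); return`. Note also that `type` and `mls` go into the command unquoted (`-t %s -r %s`) while fspec is quoted; the same argument-list suggestion as for the delete path applies.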
@@ -220,7 +213,7 @@ class fcontextPage(semanagePage):
 iter = self.fcontextFileTypeCombo.get_active_iter()
 ftype = list_model.get_value(iter, 0)
 self.wait()
-(rc, out) = getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' 
'%s'" % (type, mls, ftype, fspec))
+(rc, out) = getstatusoutput("semanage fcontext -m -t %s -r %s -f '%s' 
'%s'" % (type, mls, seobject.file_type_str_to_option[ftype], fspec))
 self.ready()
 if rc != 0:
 self.error(out)
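Review bot: the `-m` path has the same unguarded `iter = self.fcontextFileTypeCombo.get_active_iter()` two lines above this hunk, so it fails the same way as add() when no row is active. The pattern "active iterator, read column 0, map through `seobject.file_type_str_to_option`" now appears three times in this file; one small helper doing the None check and the lookup would keep the error handling in one place.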
diff --git a/policycoreutils/gui/portsPage.py b/policycoreutils/gui/portsPage.py
index b6445db..b8fdaad 100644
--- a/policycoreutils/gui/portsPage.py
+++ b/policycoreutils/gui/portsPage.py
@@ -23,6 +23,12 @@ import os
 import gobject
 import sys
 import seobject
+
+TYPE_COL = 0
+PROTOCOL_COL = 1
+MLS_COL = 2
+PORT_COL = 3
+
 try:
 from subprocess import getstatusoutput
 except ImportError:
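Review bot: the four `*_COL` constants are the definitions the commit message says the page fails to load without; a one-line comment tying them to the column order of the ListStore built elsewhere in portsPage.py would stop the next cleanup from removing them again as apparently unused.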
diff --git a/policycoreutils/gui/semanagePage.py 
b/policycoreutils/gui/semanagePage.py
index 1f14d56..27367f3 100644
--- a/policycoreutils/gui/semanagePage.py
+++ b/policycoreutils/gui/semanagePage.py
@@ -130,8 +130,8 @@ class semanagePage:
 dlg.destroy()
 
 def deleteDialog(self):
-store, iter = self.view.get_selection().get_selected()
-if self.verify(_("Are you sure you want to delete %s '%s'?" % 
(self.description, store.get_value(iter, 0))), _("Delete %s" % 
self.description)) == gtk.RESPONSE_YES:
+store, it = self.view.get_selection().get_selected()
+if (it is not None) and (self.verify(_("Are you sure you want to 
delete %s '%s'?" % (self.description, store.get_value(it, 0))), _("Delete %s" % 
self.description)) == gtk.RESPONSE_YES):
 self.delete()
 
 def use_menus(self):
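Review bot: the `it is not None` guard is the right fix, but folding it into the already long `if self.verify(...)` condition hides it and leaves the user with no feedback when Delete is pressed on an empty list; an early return before the verify() call reads better, e.g. `store, it = self.view.get_selection().get_selected()` followed by `if it is None: return`. The rename from `iter` to `it` (which stops shadowing the builtin) is also applied only here while fcontextPage.py in the same patch keeps `iter`; pick one and use it consistently.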
diff --git