[PATCH v2 1/1] libsepol/cil: create user and role caches when building binary policy

Mon, 03 Oct 2016 04:51:09 -0700 

Pre-expands the role and user caches used in context validation when
conerting a cildb to a binary policydb.  This is currently only done
when loading a binary policy and prevents context validation from
working correctly with a newly built policy (i.e., when semanage builds
a new policy and then runs genhomedircon).

Also adds declarations for the hashtable mapping functions used:
policydb_role_cache and policydb_user_cache().

Signed-off-by: Gary Tierney <gary.tier...@gmx.com>
---
 libsepol/cil/src/cil_binary.c              | 13 +++++++++++++
 libsepol/include/sepol/policydb/policydb.h |  8 ++++++++
 2 files changed, 21 insertions(+)

diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index cc73648..5402272 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -4794,6 +4794,19 @@ int cil_binary_create_allocated_pdb(const struct cil_db 
*db, sepol_policydb_t *p
 
        }
 
+       /* This pre-expands the roles and users for context validity checking */
+       if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb)) {
+               cil_log(CIL_INFO, "Failure creating roles cache");
+               rc = SEPOL_ERR;
+               goto exit;
+    }
+
+       if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb)) {
+               cil_log(CIL_INFO, "Failure creating users cache");
+               rc = SEPOL_ERR;
+               goto exit;
+       }
+
        rc = SEPOL_OK;
 
 exit:
diff --git a/libsepol/include/sepol/policydb/policydb.h 
b/libsepol/include/sepol/policydb/policydb.h
index 26cec13..d99fcf4 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -608,6 +608,14 @@ extern int policydb_index_bools(policydb_t * p);
 extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p,
                                 unsigned int verbose);
 
+extern int policydb_role_cache(hashtab_key_t key,
+                              hashtab_datum_t datum,
+                              void *arg);
+
+extern int policydb_user_cache(hashtab_key_t key,
+                              hashtab_datum_t datum,
+                              void *arg);
+
 extern int policydb_reindex_users(policydb_t * p);
 
 extern void policydb_destroy(policydb_t * p);
-- 
2.4.11

_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.

Reply via email to