- Check for selinux_mnt == NULL

This commit is contained in:
Daniel J Walsh 2006-06-01 17:25:22 +00:00
parent 9cf72ebb65
commit f3cb9dc26b
2 changed files with 164 additions and 192 deletions

View File

@ -1,202 +1,169 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.7/src/init.c diff -Nurp libselinux-1.29.7.orig/src/canonicalize_context.c libselinux-1.29.7/src/canonicalize_context.c
--- nsalibselinux/src/init.c 2006-05-15 09:43:24.000000000 -0400 --- libselinux-1.29.7.orig/src/canonicalize_context.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.30.7/src/init.c 2006-05-17 13:57:29.000000000 -0400 +++ libselinux-1.29.7/src/canonicalize_context.c 2006-05-31 20:42:47.000000000 +0800
@@ -78,21 +78,17 @@ @@ -18,6 +18,9 @@ int security_canonicalize_context_raw(se
} size_t size;
hidden_def(set_selinuxmnt) int fd, ret;
-static void init_translations(void) + if (!selinux_mnt)
-{ + return -1;
- init_context_translations();
-}
-
static void init_lib(void) __attribute__ ((constructor));
static void init_lib(void)
{
selinux_page_size = sysconf(_SC_PAGE_SIZE);
init_selinuxmnt();
- init_translations();
+ init_context_translations();
}
static void fini_lib(void) __attribute__ ((destructor));
static void fini_lib(void)
{
fini_selinuxmnt();
+ fini_context_translations();
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.30.7/src/selinux_config.c
--- nsalibselinux/src/selinux_config.c 2006-05-15 09:43:24.000000000 -0400
+++ libselinux-1.30.7/src/selinux_config.c 2006-05-17 14:31:07.000000000 -0400
@@ -17,6 +17,7 @@
#define SELINUXTAG "SELINUX="
#define SETLOCALDEFS "SETLOCALDEFS="
#define REQUIRESEUSERS "REQUIRESEUSERS="
+#define CACHETRANSTAG "CACHETRANS="
/* Indices for file paths arrays. */
#define BINPOLICY 0
@@ -175,6 +176,10 @@
sizeof(REQUIRESEUSERS)-1)) {
value = buf_p + sizeof(REQUIRESEUSERS)-1;
intptr = &require_seusers;
+ } else if (!strncmp(buf_p, CACHETRANSTAG,
+ sizeof(CACHETRANSTAG)-1)) {
+ value = buf_p + sizeof(CACHETRANSTAG)-1;
+ intptr = &cache_trans;
} else {
continue;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.7/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h 2006-05-15 09:43:24.000000000 -0400
+++ libselinux-1.30.7/src/selinux_internal.h 2006-05-17 14:05:25.000000000 -0400
@@ -70,3 +70,4 @@
extern int load_setlocaldefs hidden;
extern int require_seusers hidden;
extern int selinux_page_size hidden;
+extern int cache_trans hidden;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.7/src/setrans_client.c
--- nsalibselinux/src/setrans_client.c 2006-05-16 20:43:27.000000000 -0400
+++ libselinux-1.30.7/src/setrans_client.c 2006-05-17 18:17:41.000000000 -0400
@@ -16,6 +16,13 @@
#include "selinux_internal.h"
#include "setrans_internal.h"
+// Simple cache
+static __thread security_context_t prev_t2r_trans=NULL;
+static __thread security_context_t prev_t2r_raw=NULL;
+static __thread security_context_t prev_r2t_trans=NULL;
+static __thread security_context_t prev_r2t_raw=NULL;
+ +
+int cache_trans hidden = 1; snprintf(path, sizeof path, "%s/context", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff -Nurp libselinux-1.29.7.orig/src/check_context.c libselinux-1.29.7/src/check_context.c
--- libselinux-1.29.7.orig/src/check_context.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/check_context.c 2006-05-31 20:43:24.000000000 +0800
@@ -14,6 +14,9 @@ int security_check_context_raw(security_
char path[PATH_MAX];
int fd, ret;
/* + if (!selinux_mnt)
* setransd_open + return -1;
@@ -193,6 +200,17 @@
}
+hidden void
+fini_context_translations(void)
+{
+ if (cache_trans) {
+ free(prev_r2t_trans);
+ free(prev_r2t_raw);
+ free(prev_t2r_trans);
+ free(prev_t2r_raw);
+ }
+}
+ +
hidden int snprintf(path, sizeof path, "%s/context", selinux_mnt);
init_context_translations(void) fd = open(path, O_RDWR);
{ if (fd < 0)
@@ -225,9 +243,24 @@ diff -Nurp libselinux-1.29.7.orig/src/compute_av.c libselinux-1.29.7/src/compute_av.c
*rawp = NULL; --- libselinux-1.29.7.orig/src/compute_av.c 2006-01-20 23:37:52.000000000 +0800
return 0; +++ libselinux-1.29.7/src/compute_av.c 2006-05-31 20:44:00.000000000 +0800
} @@ -21,6 +21,9 @@ int security_compute_av_raw(security_con
+ if (cache_trans) { size_t len;
+ if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) { int fd, ret;
+ *rawp=strdup(prev_t2r_raw);
+ } else {
+ free(prev_t2r_trans); prev_t2r_trans = NULL;
+ free(prev_t2r_raw); prev_t2r_raw = NULL;
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ if (*rawp) {
+ prev_t2r_trans=strdup(trans);
+ prev_t2r_raw=strdup(*rawp);
+ }
+ }
+ }
+ else
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
- if (trans_to_raw_context(trans, rawp)) + if (!selinux_mnt)
- *rawp = strdup(trans); + return -1;
return *rawp ? 0 : -1; +
} snprintf(path, sizeof path, "%s/access", selinux_mnt);
hidden_def(selinux_trans_to_raw_context) fd = open(path, O_RDWR);
@@ -240,8 +273,23 @@ if (fd < 0)
return 0; diff -Nurp libselinux-1.29.7.orig/src/compute_create.c libselinux-1.29.7/src/compute_create.c
} --- libselinux-1.29.7.orig/src/compute_create.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/compute_create.c 2006-05-31 20:44:53.000000000 +0800
@@ -20,6 +20,9 @@ int security_compute_create_raw(security
size_t size;
int fd, ret;
- if (raw_to_trans_context(raw, transp)) + if (!selinux_mnt)
- *transp = strdup(raw); + return -1;
+ if (cache_trans) { +
+ if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) { snprintf(path, sizeof path, "%s/create", selinux_mnt);
+ *transp=strdup(prev_r2t_trans); fd = open(path, O_RDWR);
+ } else { if (fd < 0)
+ free(prev_r2t_raw); prev_r2t_raw = NULL; diff -Nurp libselinux-1.29.7.orig/src/compute_member.c libselinux-1.29.7/src/compute_member.c
+ free(prev_r2t_trans); prev_r2t_trans = NULL; --- libselinux-1.29.7.orig/src/compute_member.c 2006-01-20 23:37:52.000000000 +0800
+ if (raw_to_trans_context(raw, transp)) +++ libselinux-1.29.7/src/compute_member.c 2006-05-31 20:45:36.000000000 +0800
+ *transp = strdup(raw); @@ -20,6 +20,9 @@ int security_compute_member_raw(security
+ if (*transp) { size_t size;
+ prev_r2t_raw=strdup(raw); int fd, ret;
+ prev_r2t_trans=strdup(*transp);
+ }
+ }
+ }
+ else
+ if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
return *transp ? 0 : -1; + if (!selinux_mnt)
} + return -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.7/src/setrans_internal.h +
--- nsalibselinux/src/setrans_internal.h 2006-05-16 20:43:27.000000000 -0400 snprintf(path, sizeof path, "%s/member", selinux_mnt);
+++ libselinux-1.30.7/src/setrans_internal.h 2006-05-17 14:07:34.000000000 -0400 fd = open(path, O_RDWR);
@@ -8,3 +8,4 @@ if (fd < 0)
#define MAX_DATA_BUF 8192 diff -Nurp libselinux-1.29.7.orig/src/compute_relabel.c libselinux-1.29.7/src/compute_relabel.c
--- libselinux-1.29.7.orig/src/compute_relabel.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/compute_relabel.c 2006-05-31 20:46:04.000000000 +0800
@@ -20,6 +20,9 @@ int security_compute_relabel_raw(securit
size_t size;
int fd, ret;
extern int init_context_translations(void); + if (!selinux_mnt)
+extern void fini_context_translations(void); + return -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.30.7/utils/avcstat.c +
--- nsalibselinux/utils/avcstat.c 2006-05-15 09:43:20.000000000 -0400 snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
+++ libselinux-1.30.7/utils/avcstat.c 2006-05-17 06:18:39.000000000 -0400 fd = open(path, O_RDWR);
@@ -27,12 +27,12 @@ if (fd < 0)
#define HEADERS "lookups hits misses allocations reclaims frees" diff -Nurp libselinux-1.29.7.orig/src/compute_user.c libselinux-1.29.7/src/compute_user.c
--- libselinux-1.29.7.orig/src/compute_user.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/compute_user.c 2006-05-31 20:46:32.000000000 +0800
@@ -21,6 +21,9 @@ int security_compute_user_raw(security_c
int fd, ret;
unsigned int i, nel;
struct avc_cache_stats { + if (!selinux_mnt)
- unsigned int lookups; + return -1;
- unsigned int hits; +
- unsigned int misses; snprintf(path, sizeof path, "%s/user", selinux_mnt);
- unsigned int allocations; fd = open(path, O_RDWR);
- unsigned int reclaims; if (fd < 0)
- unsigned int frees; diff -Nurp libselinux-1.29.7.orig/src/disable.c libselinux-1.29.7/src/disable.c
+ unsigned long long lookups; --- libselinux-1.29.7.orig/src/disable.c 2006-01-20 23:37:52.000000000 +0800
+ unsigned long long hits; +++ libselinux-1.29.7/src/disable.c 2006-05-31 20:47:27.000000000 +0800
+ unsigned long long misses; @@ -15,6 +15,9 @@ int security_disable(void)
+ unsigned long long allocations; char path[PATH_MAX];
+ unsigned long long reclaims; char buf[20];
+ unsigned long long frees;
};
static int interval; + if (!selinux_mnt)
@@ -172,7 +172,7 @@ + return -1;
while ((line = strtok(NULL, "\n"))) { +
struct avc_cache_stats tmp; snprintf(path, sizeof path, "%s/disable", selinux_mnt);
fd = open(path, O_WRONLY);
if (fd < 0)
diff -Nurp libselinux-1.29.7.orig/src/enabled.c libselinux-1.29.7/src/enabled.c
--- libselinux-1.29.7.orig/src/enabled.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/enabled.c 2006-05-31 20:48:30.000000000 +0800
@@ -65,6 +65,9 @@ int is_selinux_mls_enabled(void)
char buf[20], path[PATH_MAX];
int fd, ret, enabled = 0;
- ret = sscanf(line, "%u %u %u %u %u %u", + if (!selinux_mnt)
+ ret = sscanf(line, "%Lu %Lu %Lu %Lu %Lu %Lu", + return enabled;
&tmp.lookups, +
&tmp.hits, snprintf(path, sizeof path, "%s/mls", selinux_mnt);
&tmp.misses, fd = open(path, O_RDONLY);
@@ -195,7 +195,7 @@ if (fd < 0)
die("unable to parse \'%s\': no data", avcstatfile); diff -Nurp libselinux-1.29.7.orig/src/getenforce.c libselinux-1.29.7/src/getenforce.c
--- libselinux-1.29.7.orig/src/getenforce.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/getenforce.c 2006-05-31 20:48:56.000000000 +0800
@@ -15,6 +15,9 @@ int security_getenforce(void)
char path[PATH_MAX];
char buf[20];
if (cumulative || (!cumulative && !i)) + if (!selinux_mnt)
- printf("%10u %10u %10u %10u %10u %10u\n", + return -1;
+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", +
tot.lookups, tot.hits, tot.misses, snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
tot.allocations, tot.reclaims, tot.frees); fd = open(path, O_RDONLY);
else { if (fd < 0)
@@ -205,7 +205,7 @@ diff -Nurp libselinux-1.29.7.orig/src/load_policy.c libselinux-1.29.7/src/load_policy.c
rel.allocations = tot.allocations - last.allocations; --- libselinux-1.29.7.orig/src/load_policy.c 2006-01-20 23:37:52.000000000 +0800
rel.reclaims = tot.reclaims - last.reclaims; +++ libselinux-1.29.7/src/load_policy.c 2006-05-31 20:49:33.000000000 +0800
rel.frees = tot.frees - last.frees; @@ -20,6 +20,9 @@ int security_load_policy(void *data, siz
- printf("%10u %10u %10u %10u %10u %10u\n", char path[PATH_MAX];
+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n", int fd, ret;
rel.lookups, rel.hits, rel.misses,
rel.allocations, rel.reclaims, rel.frees); + if (!selinux_mnt)
} + return -1;
+
snprintf(path, sizeof path, "%s/load", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)
diff -Nurp libselinux-1.29.7.orig/src/policyvers.c libselinux-1.29.7/src/policyvers.c
--- libselinux-1.29.7.orig/src/policyvers.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/policyvers.c 2006-05-31 20:50:22.000000000 +0800
@@ -19,6 +19,9 @@ int security_policyvers(void)
char buf[20];
unsigned vers = DEFAULT_POLICY_VERSION;
+ if (!selinux_mnt)
+ return -1;
+
snprintf(path, sizeof path, "%s/policyvers", selinux_mnt);
fd = open(path, O_RDONLY);
if (fd < 0) {
diff -Nurp libselinux-1.29.7.orig/src/setenforce.c libselinux-1.29.7/src/setenforce.c
--- libselinux-1.29.7.orig/src/setenforce.c 2006-01-20 23:37:52.000000000 +0800
+++ libselinux-1.29.7/src/setenforce.c 2006-05-31 20:50:51.000000000 +0800
@@ -15,6 +15,9 @@ int security_setenforce(int value)
char path[PATH_MAX];
char buf[20];
+ if (!selinux_mnt)
+ return -1;
+
snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
fd = open(path, O_RDWR);
if (fd < 0)

View File

@ -2,10 +2,11 @@
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 1.30.11 Version: 1.30.11
Release: 1 Release: 2
License: Public domain (uncopyrighted) License: Public domain (uncopyrighted)
Group: System Environment/Libraries Group: System Environment/Libraries
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
Patch: libselinux-rhat.patch
BuildRequires: libsepol-devel >= %{libsepolver} swig BuildRequires: libsepol-devel >= %{libsepolver} swig
Requires: libsepol >= %{libsepolver} setransd Requires: libsepol >= %{libsepolver} setransd
@ -47,6 +48,7 @@ needed for developing SELinux applications.
%prep %prep
%setup -q %setup -q
%patch -p1 -b .rhat
%build %build
make clean make clean
@ -115,6 +117,9 @@ exit 0
%{_libdir}/python*/site-packages/selinux.py* %{_libdir}/python*/site-packages/selinux.py*
%changelog %changelog
* Thu Jun 1 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-2
- Check for selinux_mnt == NULL
* Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1 * Tue May 30 2006 Dan Walsh <dwalsh@redhat.com> 1.30.11-1
* Merged matchmediacon and trans_to_raw_context fixes from * Merged matchmediacon and trans_to_raw_context fixes from
Serge Hallyn. Serge Hallyn.