From: <mad...@us...> - 2006-10-06 00:15:28
Revision: 2048
http://svn.sourceforge.net/selinux/?rev=2048&view=rev
Author: madmethod
Date: 2006-10-05 17:15:24 -0700 (Thu, 05 Oct 2006)

Log Message:
-----------
Author: Darrel Goeddel
Email: dgo...@Tr...
Subject: libselinux: always store raw contexts in the avc sidtab
Date: Thu, 05 Oct 2006 12:08:44 -0500

Always store raw contexts in the avc sidtab. This is accomplished by providing functions to deal with raw contexts when converting contexts to sids and vice versa. The security_compute_av is also switched to the raw version because the contexts will now all be raw. When the raw context is being converted to a sid, there will be no overhead. When a translated context is converted, there will be a translation to raw for storage. The conversion back from sid to context via avc_context_to_sid() will translate the context, while avc_context_to_sid_raw() will not. These functions make it easy to optimize some code paths by removing translations for contexts that will never be presented to the user.

Signed-off-by: Darrel Goeddel <dgo...@tr...>
Acked-By: Joshua Brindle <jbr...@tr...>
Acked-By: Stephen Smalley <sd...@ty...>

Modified Paths:
--------------
trunk/libselinux/include/selinux/avc.h
trunk/libselinux/src/avc.c

Modified: trunk/libselinux/include/selinux/avc.h =================================================================== --- trunk/libselinux/include/selinux/avc.h 2006-09-29 15:44:05 UTC (rev 2047) +++ trunk/libselinux/include/selinux/avc.h 2006-10-06 00:15:24 UTC (rev 2048) @@ -38,6 +38,7 @@ * available to make the copy, or %EINVAL if the input SID is invalid. */ int avc_sid_to_context(security_id_t sid, security_context_t * ctx); + int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx); /** * avc_context_to_sid - get SID for context. 
@@ -51,6 +52,7 @@ * returning %0 on success or -%1 on error with @errno set. */ int avc_context_to_sid(security_context_t ctx, security_id_t * sid); + int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid); /** * sidget - increment SID reference counter. Modified: trunk/libselinux/src/avc.c =================================================================== --- trunk/libselinux/src/avc.c 2006-09-29 15:44:05 UTC (rev 2047) +++ trunk/libselinux/src/avc.c 2006-10-06 00:15:24 UTC (rev 2048) @@ -203,7 +203,7 @@ & (AVC_CACHE_SLOTS - 1); } -int avc_context_to_sid(security_context_t ctx, security_id_t * sid) +int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid) { int rc; avc_get_lock(avc_lock); @@ -214,8 +214,23 @@ return rc; } -int avc_sid_to_context(security_id_t sid, security_context_t * ctx) +int avc_context_to_sid(security_context_t ctx, security_id_t * sid) { + int ret; + security_context_t rctx; + + if (selinux_trans_to_raw_context(ctx, &rctx)) + return -1; + + ret = avc_context_to_sid_raw(rctx, sid); + + freecon(rctx); + + return ret; +} + +int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx) +{ int rc; *ctx = NULL; avc_get_lock(avc_lock); @@ -230,6 +245,21 @@ return rc; } +int avc_sid_to_context(security_id_t sid, security_context_t * ctx) +{ + int ret; + security_context_t rctx; + + ret = avc_sid_to_context_raw(sid, &rctx); + + if (ret == 0) { + ret = selinux_raw_to_trans_context(rctx, ctx); + freecon(rctx); + } + + return ret; +} + int sidget(security_id_t sid) { int rc; @@ -935,8 +965,9 @@ rc = -1; goto out; } - rc = security_compute_av(ssid->ctx, tsid->ctx, tclass, - requested, &entry.avd); + rc = security_compute_av_raw(ssid->ctx, tsid->ctx, + tclass, requested, + &entry.avd); if (rc) goto out; rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
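
Review bot: the two prototypes added in the avc.h hunks, avc_sid_to_context_raw() and avc_context_to_sid_raw(), have no documentation of their own; each sits directly under the kernel-doc comment of its translated counterpart. Suggest giving each a short comment saying that it takes or returns the raw (untranslated) context and otherwise behaves like the non-raw function, so a caller reading the header can tell which variant yields a context fit to show to a user.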
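
Review bot: in the avc.c hunk at @@ -230,6 +245,21 @@, the new avc_sid_to_context() wrapper never writes *ctx when avc_sid_to_context_raw() fails, whereas the previous body (now avc_sid_to_context_raw()) began with *ctx = NULL. A caller that relied on *ctx being NULL after an error now sees whatever the variable held before the call. Suggest setting *ctx = NULL at the top of the wrapper, and checking what selinux_raw_to_trans_context() leaves in *ctx when it fails, since rctx is freed on that path as well.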
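
Review bot: in the avc.c hunk at @@ -935,8 +965,9 @@, the call to security_compute_av_raw(ssid->ctx, tsid->ctx, ...) is only correct if every context held in the sidtab is raw, and nothing at the call site records that. Suggest a one-line comment here stating the invariant, and confirming that no path other than avc_context_to_sid() and avc_context_to_sid_raw() can place a translated context into the sidtab.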