| 
      
      
      From: <mad...@us...> - 2006-10-06 00:15:28
      
     | 
| Revision: 2048
          http://svn.sourceforge.net/selinux/?rev=2048&view=rev
Author:   madmethod
Date:     2006-10-05 17:15:24 -0700 (Thu, 05 Oct 2006)
Log Message:
-----------
Author: Darrel Goeddel
Email: dgo...@Tr...
Subject: libselinux: always store raw contexts in the avc sidtab
Date: Thu, 05 Oct 2006 12:08:44 -0500
Always store raw contexts in the avc sidtab.  This is accomplished by
providing functions to deal with raw contexts when converting contexts
to sids and vice versa.  The security_compute_av call is also switched to the raw
version because the contexts will now all be raw.  When the raw context is
being converted to a sid, there will be no overhead.  When a translated context
is converted, there will be a translation to raw for storage.  The conversion
back from sid to context via avc_context_to_sid() will translate the context,
while avc_context_to_sid_raw() will not.  These functions make it easy to
optimize some code paths by removing translations for contexts that will never
be presented to the user.
Signed-off-by: Darrel Goeddel <dgo...@tr...>
Acked-By: Joshua Brindle <jbr...@tr...>
Acked-By: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
    trunk/libselinux/include/selinux/avc.h
    trunk/libselinux/src/avc.c
Modified: trunk/libselinux/include/selinux/avc.h
===================================================================
--- trunk/libselinux/include/selinux/avc.h	2006-09-29 15:44:05 UTC (rev 2047)
+++ trunk/libselinux/include/selinux/avc.h	2006-10-06 00:15:24 UTC (rev 2048)
@@ -38,6 +38,7 @@
  * available to make the copy, or %EINVAL if the input SID is invalid.
  */
 	int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
+	int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
 
 /**
  * avc_context_to_sid - get SID for context.
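Review bot: The new prototype `avc_sid_to_context_raw` sits directly under the kernel-doc block for `avc_sid_to_context` with no documentation of its own, so the header does not say how the two differ. A short comment such as `/* As avc_sid_to_context(), but returns the raw (untranslated) context; free with freecon(). */` would make the contract explicit; the freecon() ownership is inferred from the existing "make the copy" wording and should be confirmed. The same applies to `avc_context_to_sid_raw` in the next hunk, where callers need to be told that the context they pass must already be raw, since per the commit message it is what ends up in the sidtab.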
@@ -51,6 +52,7 @@
  * returning %0 on success or -%1 on error with @errno set.  
  */
 	int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
+	int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
 
 /**
  * sidget - increment SID reference counter.
Modified: trunk/libselinux/src/avc.c
===================================================================
--- trunk/libselinux/src/avc.c	2006-09-29 15:44:05 UTC (rev 2047)
+++ trunk/libselinux/src/avc.c	2006-10-06 00:15:24 UTC (rev 2048)
@@ -203,7 +203,7 @@
 	    & (AVC_CACHE_SLOTS - 1);
 }
 
-int avc_context_to_sid(security_context_t ctx, security_id_t * sid)
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid)
 {
 	int rc;
 	avc_get_lock(avc_lock);
@@ -214,8 +214,23 @@
 	return rc;
 }
 
-int avc_sid_to_context(security_id_t sid, security_context_t * ctx)
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid)
 {
+	int ret;
+	security_context_t rctx;
+
+	if (selinux_trans_to_raw_context(ctx, &rctx))
+		return -1;
+
+	ret = avc_context_to_sid_raw(rctx, sid);
+
+	freecon(rctx);
+
+	return ret;
+}
+
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx)
+{
 	int rc;
 	*ctx = NULL;
 	avc_get_lock(avc_lock);
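Review bot: In the new `avc_context_to_sid`, `freecon(rctx)` runs between a failing `avc_context_to_sid_raw()` and `return ret`, so the errno that the header promises on error ("-%1 on error with @errno set") may be overwritten if the underlying free touches errno. Saving and restoring it around the cleanup keeps the contract: `int saved = errno; freecon(rctx); errno = saved;`. The early `return -1` also assumes `selinux_trans_to_raw_context()` sets errno on failure, which is not visible here. The `avc_sid_to_context` wrapper in the next hunk has the same pattern after `selinux_raw_to_trans_context()`. `avc_sid_to_context_raw` continues past the end of this hunk.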
@@ -230,6 +245,21 @@
 	return rc;
 }
 
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx)
+{
+	int ret;
+	security_context_t rctx;
+
+	ret = avc_sid_to_context_raw(sid, &rctx);
+
+	if (ret == 0) {
+		ret = selinux_raw_to_trans_context(rctx, ctx);
+		freecon(rctx);
+	}
+
+	return ret;
+}
+
 int sidget(security_id_t sid)
 {
 	int rc;
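Review bot: The new `avc_sid_to_context` wrapper no longer clears the caller's `*ctx` on failure, because the `*ctx = NULL;` of the old function now lives in `avc_sid_to_context_raw` and only affects the local `rctx`. A caller that relied on the old behaviour and calls `freecon()` on its pointer after an error would now be freeing an uninitialized value; adding `*ctx = NULL;` before the `avc_sid_to_context_raw()` call restores it. Whether `selinux_raw_to_trans_context()` clears its output on failure is not visible in this hunk. `sidget` continues outside the hunk.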
@@ -935,8 +965,9 @@
 				rc = -1;
 				goto out;
 			}
-			rc = security_compute_av(ssid->ctx, tsid->ctx, tclass,
-						 requested, &entry.avd);
+			rc = security_compute_av_raw(ssid->ctx, tsid->ctx,
+						     tclass, requested,
+						     &entry.avd);
 			if (rc)
 				goto out;
 			rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
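Review bot: The switch to `security_compute_av_raw()` is only correct while every `ctx` stored in the sidtab is raw, and nothing at this call site records that invariant. A comment above the call, e.g. `/* sidtab contexts are always raw; see avc_context_to_sid() */`, would help the next maintainer, since a translated context reaching this raw interface would presumably make the access computation fail. It is also worth confirming that any other path that inserts into the sidtab (none is visible in this diff) passes raw contexts. The enclosing function starts and ends outside the hunk.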