      From: <ssm...@us...> - 2007-04-24 20:35:24
      
| Revision: 2374
          http://svn.sourceforge.net/selinux/?rev=2374&view=rev
Author:   ssmalley
Date:     2007-04-24 13:35:23 -0700 (Tue, 24 Apr 2007)
Log Message:
-----------
Ported r2368 thru r2373 (genhomedircon default handling, libsemanage optimizations, setsebool optimizations) from trunk.
Modified Paths:
--------------
    branches/policyrep/libsemanage/ChangeLog
    branches/policyrep/libsemanage/VERSION
    branches/policyrep/libsemanage/src/booleans_activedb.c
    branches/policyrep/libsemanage/src/direct_api.c
    branches/policyrep/policycoreutils/ChangeLog
    branches/policyrep/policycoreutils/VERSION
    branches/policyrep/policycoreutils/scripts/genhomedircon
    branches/policyrep/policycoreutils/setsebool/setsebool.c
Modified: branches/policyrep/libsemanage/ChangeLog
===================================================================
--- branches/policyrep/libsemanage/ChangeLog	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/ChangeLog	2007-04-24 20:35:23 UTC (rev 2374)
@@ -1,3 +1,8 @@
+2.0.2 2007-04-24
+	* Merged optimizations from Stephen Smalley.
+	  - do not set all booleans upon commit, only those whose values have changed
+	  - only install the sandbox upon commit if something was rebuilt
+
 2.0.1 2007-03-12
 	* Merged dbase_file_flush patch from Dan Walsh.
 	  This removes any mention of specific tools (e.g. semanage)
Modified: branches/policyrep/libsemanage/VERSION
===================================================================
--- branches/policyrep/libsemanage/VERSION	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/VERSION	2007-04-24 20:35:23 UTC (rev 2374)
@@ -1 +1 @@
-2.0.1
+2.0.2
Modified: branches/policyrep/libsemanage/src/booleans_activedb.c
===================================================================
--- branches/policyrep/libsemanage/src/booleans_activedb.c	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/src/booleans_activedb.c	2007-04-24 20:35:23 UTC (rev 2374)
@@ -92,8 +92,10 @@
 {
 
 	SELboolean *blist = NULL;
+	const char *name;
 	unsigned int bcount = 0;
 	unsigned int i;
+	int curvalue, newvalue;
 
 	/* Allocate a sufficiently large array */
 	blist = malloc(sizeof(SELboolean) * count);
@@ -102,11 +104,18 @@
 
 	/* Populate array */
 	for (i = 0; i < count; i++) {
-		blist[i].name = strdup(semanage_bool_get_name(booleans[i]));
+		name = semanage_bool_get_name(booleans[i]);
+		if (!name)
+			goto omem;	
+		newvalue = semanage_bool_get_value(booleans[i]);
+		curvalue = security_get_boolean_active(name);
+		if (newvalue == curvalue)
+			continue;
+		blist[bcount].name = strdup(name);
+		if (blist[bcount].name == NULL)
+			goto omem;
+		blist[bcount].value = newvalue;
 		bcount++;
-		if (blist[i].name == NULL)
-			goto omem;
-		blist[i].value = semanage_bool_get_value(booleans[i]);
 	}
 
 	/* Commit */
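Review bot: The skip `if (newvalue == curvalue) continue;` compares only against the active value, and the return of `security_get_boolean_active(name)` is never checked for failure. A negative return falls through and the boolean is still queued, which is the safe direction, but it deserves a comment such as `/* lookup failure (< 0) never matches, so the boolean is still set */`. If a boolean carries a pending value that differs from its active one, skipping it here may let the commit that follows outside this hunk apply that stale pending value; also checking `security_get_boolean_pending(name)` would close that gap. The `goto omem` taken on a NULL name reports a missing name as an allocation failure, and the enclosing function starts and ends outside the hunk, so the cleanup at `omem` cannot be checked from here.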
Modified: branches/policyrep/libsemanage/src/direct_api.c
===================================================================
--- branches/policyrep/libsemanage/src/direct_api.c	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/libsemanage/src/direct_api.c	2007-04-24 20:35:23 UTC (rev 2374)
@@ -699,7 +699,9 @@
 	if (retval < 0)
 		goto cleanup;
 
-	retval = semanage_install_sandbox(sh);
+	if (sh->do_rebuild || modified) {
+		retval = semanage_install_sandbox(sh);
+	}
 
       cleanup:
 	for (i = 0; mod_filenames != NULL && i < num_modfiles; i++) {
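Review bot: When neither `sh->do_rebuild` nor `modified` is set, `retval` keeps the value from the earlier call checked by `if (retval < 0)`, so the function's success value no longer comes from `semanage_install_sandbox(sh)`. If callers interpret the non-negative result as a commit number, that contract changes silently on the skip path and should be documented or set explicitly. `modified` is computed outside the hunk; a comment here, for example `/* nothing was rebuilt or changed: leave the active store untouched */`, should state which kinds of change it covers, because any change it misses would be reported as committed without being installed. The enclosing function begins and ends outside the hunk.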
Modified: branches/policyrep/policycoreutils/ChangeLog
===================================================================
--- branches/policyrep/policycoreutils/ChangeLog	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/ChangeLog	2007-04-24 20:35:23 UTC (rev 2374)
@@ -1,3 +1,9 @@
+2.0.13 2007-04-24
+	* Merged setsebool patch to only use libsemanage for persistent boolean changes from Stephen Smalley.
+
+2.0.12 2007-04-24
+	* Merged genhomedircon patch to use the __default__ setting from Dan Walsh.
+
 2.0.11 2007-04-24
 	* Dropped -b option from load_policy in preparation for always preserving booleans across reloads in the kernel.
 
Modified: branches/policyrep/policycoreutils/VERSION
===================================================================
--- branches/policyrep/policycoreutils/VERSION	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/VERSION	2007-04-24 20:35:23 UTC (rev 2374)
@@ -1 +1 @@
-2.0.11
+2.0.13
Modified: branches/policyrep/policycoreutils/scripts/genhomedircon
===================================================================
--- branches/policyrep/policycoreutils/scripts/genhomedircon	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/scripts/genhomedircon	2007-04-24 20:35:23 UTC (rev 2374)
@@ -136,6 +136,9 @@
 		self.contextdir = "/contexts"
 		self.filecontextdir = self.contextdir+"/files"
 		self.usepwd = usepwd
+		self.default_user = "user_u"
+		self.default_prefix = "user"
+		self.users = self.getUsers()
 
 	def getFileContextDir(self):
 		return self.selinuxdir+self.type+self.filecontextdir
@@ -212,6 +215,10 @@
 		prefs["prefix"] = prefix
 		prefs["home"] = home
 		udict[user] = prefs
+			
+	def setDefaultUser(self, user, prefix):
+		self.default_user = user
+		self.default_prefix = prefix
 		
 	def getUsers(self):
 		udict = {}
@@ -220,7 +227,11 @@
 			for seuser in list:
 				user = []
 				seusername = semanage_seuser_get_sename(seuser)
-				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, self.get_default_prefix(seusername))
+				prefix = self.get_default_prefix(seusername)
+				if semanage_seuser_get_name(seuser) == "__default__":
+					self.setDefaultUser(seusername, prefix)
+
+				self.adduser(udict, semanage_seuser_get_name(seuser), seusername, prefix)
 				
 		else:
 			try:
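Review bot: The `__default__` mapping is recorded with `setDefaultUser` but is then still passed to `self.adduser(...)`, so it may also be treated as a real login name when `self.users` is iterated in `genHomeDirContext`; most of `adduser` is outside the hunk, so this is inferred. Consider reading the name once, `name = semanage_seuser_get_name(seuser)`, and skipping `adduser` for `__default__` if a per-user entry is not wanted. The `else:` branch that follows continues outside the hunk, and it is not visible whether it also calls `setDefaultUser`; if it does not, the two paths may emit different default contexts, which is worth a comment on `getUsers`.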
@@ -270,12 +281,11 @@
 		return ret
 
 	def genHomeDirContext(self):
-		users = self.getUsers()
 		ret = ""
 		# Fill in HOME and prefix for users that are defined
-		for u in users.keys():
-			ret += self.getHomeDirContext (u, users[u]["seuser"], users[u]["home"], users[u]["prefix"])
-			ret += self.getUserContext (u, users[u]["seuser"], users[u]["prefix"])
+		for u in self.users.keys():
+			ret += self.getHomeDirContext (u, self.users[u]["seuser"], self.users[u]["home"], self.users[u]["prefix"])
+			ret += self.getUserContext (u, self.users[u]["seuser"], self.users[u]["prefix"])
 		return ret+"\n"
 
 	def checkExists(self, home):
@@ -322,9 +332,9 @@
 	def genoutput(self):
 		ret = self.heading()
 		for h in self.getHomeDirs():
-			ret += self.getHomeDirContext ("user_u", "user_u" , h+'/[^/]*', "user")
+			ret += self.getHomeDirContext (self.default_user, self.default_user, h+'/[^/]*', self.default_prefix)
 			ret += self.getHomeRootContext(h)
-		ret += self.getUserContext(".*", "user_u", "user") + "\n"
+		ret += self.getUserContext(".*", self.default_user, self.default_prefix) + "\n"
 		ret += self.genHomeDirContext()
 		return ret
 
Modified: branches/policyrep/policycoreutils/setsebool/setsebool.c
===================================================================
--- branches/policyrep/policycoreutils/setsebool/setsebool.c	2007-04-24 20:23:46 UTC (rev 2373)
+++ branches/policyrep/policycoreutils/setsebool/setsebool.c	2007-04-24 20:35:23 UTC (rev 2374)
@@ -73,12 +73,12 @@
 	return rc;
 }
 
-/* Apply boolean changes to policy via libselinux */
+/* Apply temporal boolean changes to policy via libselinux */
 static int selinux_set_boolean_list(size_t boolcnt,
-				    SELboolean * boollist, int perm)
+				    SELboolean * boollist)
 {
 
-	if (security_set_boolean_list(boolcnt, boollist, perm)) {
+	if (security_set_boolean_list(boolcnt, boollist, 0)) {
 		if (errno == ENOENT)
 			fprintf(stderr, "Could not change active booleans: "
 				"Invalid boolean\n");
@@ -91,9 +91,9 @@
 	return 0;
 }
 
-/* Apply (permanent) boolean changes to policy via libsemanage */
+/* Apply permanent boolean changes to policy via libsemanage */
 static int semanage_set_boolean_list(size_t boolcnt,
-				     SELboolean * boollist, int perm)
+				     SELboolean * boollist)
 {
 
 	size_t j;
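Review bot: The comment pair for the two wrappers is uneven: this one says "permanent", while its sibling in the previous hunk says "temporal", which reads as time-related rather than non-persistent, and the literal `0` passed there to `security_set_boolean_list` is unexplained. Suggested wording for the sibling: `/* Apply temporary (non-persistent) boolean changes to the running policy via libselinux */`, with `/* 0: not permanent */` beside the call. For this function, `/* Apply persistent boolean changes to policy via libsemanage */` would match the term the new error message in a later hunk uses. Both function bodies continue outside their hunks.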
@@ -115,9 +115,9 @@
 		goto err;
 
 	} else if (managed == 0) {
-		if (selinux_set_boolean_list(boolcnt, boollist, perm) < 0)
-			goto err;
-		goto out;
+		fprintf(stderr,
+			"Cannot set persistent booleans without managed policy.\n");
+		goto err;
 	}
 
 	if (semanage_connect(handle) < 0)
@@ -140,8 +140,7 @@
 		if (semanage_bool_key_extract(handle, boolean, &bool_key) < 0)
 			goto err;
 
-		if (perm
-		    && semanage_bool_modify_local(handle, bool_key,
+		if (semanage_bool_modify_local(handle, bool_key,
 						  boolean) < 0)
 			goto err;
 
@@ -224,8 +223,13 @@
 		*value_ptr = '=';
 	}
 
-	if (semanage_set_boolean_list(boolcnt, vallist, permanent) < 0)
-		goto err;
+	if (permanent) {
+		if (semanage_set_boolean_list(boolcnt, vallist) < 0)
+			goto err;
+	} else {
+		if (selinux_set_boolean_list(boolcnt, vallist) < 0)
+			goto err;
+	}
 
 	/* Now log what was done */
 	pwd = getpwuid(getuid());