Re: [v0 PATCH 3/3] SELinux: Write class field in role_trans_write.

Eric Paris <eparis@xxxxxxxxxx> · Wed, 23 Mar 2011 10:48:30 -0400

On Wed, 2011-03-23 at 10:28 +0800, Harry Ciao wrote:
> From: Harry Ciao <harrytaurus2002@xxxxxxxxxxx>
> 
> If kernel policy version is >= 25, then write the class field of the
> role_trans structure into the binary reprensentation.
> 
> Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>

Looking at this patch (and the first one) I really start to feel like
putting the class after the newrole on disk.  It really would clean up
the patches and the code to not insert the conditional in the middle of
reading/writing and instead do it at the end....

> ---
>  security/selinux/ss/policydb.c |   18 +++++++++++++-----
>  1 files changed, 13 insertions(+), 5 deletions(-)
> 
> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index b660f08..a6be0f5 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -2450,10 +2450,11 @@ static int cat_write(void *vkey, void *datum, void *ptr)
>  	return 0;
>  }
>  
> -static int role_trans_write(struct role_trans *r, void *fp)
> +static int role_trans_write(struct policydb *p, void *fp)
>  {
> +	struct role_trans *r = p->role_tr;
>  	struct role_trans *tr;
> -	u32 buf[3];
> +	u32 buf[4];
>  	size_t nel;
>  	int rc;
>  
> @@ -2467,8 +2468,15 @@ static int role_trans_write(struct role_trans *r, void *fp)
>  	for (tr = r; tr; tr = tr->next) {
>  		buf[0] = cpu_to_le32(tr->role);
>  		buf[1] = cpu_to_le32(tr->type);
> -		buf[2] = cpu_to_le32(tr->new_role);
> -		rc = put_entry(buf, sizeof(u32), 3, fp);
> +		if (p->policyvers >= POLICYDB_VERSION_ROLETRANS) {
> +			buf[2] = cpu_to_le32(tr->cclass);
> +			buf[3] = cpu_to_le32(tr->new_role);
> +			rc = put_entry(buf, sizeof(u32), 4, fp);
> +		} else {
> +			buf[2] = cpu_to_le32(tr->new_role);
> +			rc = put_entry(buf, sizeof(u32), 3, fp);
> +		}
> +
>  		if (rc)
>  			return rc;
>  	}
> @@ -3145,7 +3153,7 @@ int policydb_write(struct policydb *p, void *fp)
>  	if (rc)
>  		return rc;
>  
> -	rc = role_trans_write(p->role_tr, fp);
> +	rc = role_trans_write(p, fp);
>  	if (rc)
>  		return rc;
>  

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.