Re: [v0 PATCH 3/3] SELinux: Write class field in role_trans_write.

[Joshua Brindle <method@xxxxxxxxxxxxxxx>]

Eric Paris wrote:
> On Wed, 2011-03-23 at 10:28 +0800, Harry Ciao wrote:
> > From: Harry Ciao<harrytaurus2002@xxxxxxxxxxx>
> >
> > If kernel policy version is>= 25, then write the class field of the
> > role_trans structure into the binary reprensentation.
> >
> > Signed-off-by: Harry Ciao<qingtao.cao@xxxxxxxxxxxxx>
>
> Looking at this patch (and the first one) I really start to feel like
> putting the class after the newrole on disk.  It really would clean up
> the patches and the code to not insert the conditional in the middle of
> reading/writing and instead do it at the end....

He doesn't have to put it after new_role to clean up the conditional, just break 
the buffer in 2. range_write() does this in userspace, I'm not sure what the 
kernel interface looks like.

> > ---
> >   security/selinux/ss/policydb.c |   18 +++++++++++++-----
> >   1 files changed, 13 insertions(+), 5 deletions(-)
> >
> > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> > index b660f08..a6be0f5 100644
> > --- a/security/selinux/ss/policydb.c
> > +++ b/security/selinux/ss/policydb.c
> > @@ -2450,10 +2450,11 @@ static int cat_write(void *vkey, void *datum, void *ptr)
> >   	return 0;
> >   }
> >
> > -static int role_trans_write(struct role_trans *r, void *fp)
> > +static int role_trans_write(struct policydb *p, void *fp)
> >   {
> > +	struct role_trans *r = p->role_tr;
> >   	struct role_trans *tr;
> > -	u32 buf[3];
> > +	u32 buf[4];
> >   	size_t nel;
> >   	int rc;
> >
> > @@ -2467,8 +2468,15 @@ static int role_trans_write(struct role_trans *r, void *fp)
> >   	for (tr = r; tr; tr = tr->next) {
> >   		buf[0] = cpu_to_le32(tr->role);
> >   		buf[1] = cpu_to_le32(tr->type);
> > -		buf[2] = cpu_to_le32(tr->new_role);
> > -		rc = put_entry(buf, sizeof(u32), 3, fp);
> > +		if (p->policyvers>= POLICYDB_VERSION_ROLETRANS) {
> > +			buf[2] = cpu_to_le32(tr->cclass);
> > +			buf[3] = cpu_to_le32(tr->new_role);
> > +			rc = put_entry(buf, sizeof(u32), 4, fp);
> > +		} else {
> > +			buf[2] = cpu_to_le32(tr->new_role);
> > +			rc = put_entry(buf, sizeof(u32), 3, fp);
> > +		}
> > +
> >   		if (rc)
> >   			return rc;
> >   	}
> > @@ -3145,7 +3153,7 @@ int policydb_write(struct policydb *p, void *fp)
> >   	if (rc)
> >   		return rc;
> >
> > -	rc = role_trans_write(p->role_tr, fp);
> > +	rc = role_trans_write(p, fp);
> >   	if (rc)
> >   		return rc;
>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> the words "unsubscribe selinux" without quotes as the message.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.