RE: [v0 PATCH 3/3] SELinux: Write class field in role_trans_write.

Hi Joshua and Eric,

> Date: Wed, 23 Mar 2011 14:59:20 -0400
> From: method@xxxxxxxxxxxxxxx
> To: eparis@xxxxxxxxxx
> CC: qingtao.cao@xxxxxxxxxxxxx; sds@xxxxxxxxxxxxx; jmorris@xxxxxxxxx; eparis@xxxxxxxxxxxxxx; selinux@xxxxxxxxxxxxx
> Subject: Re: [v0 PATCH 3/3] SELinux: Write class field in role_trans_write.
>
> Eric Paris wrote:
> > On Wed, 2011-03-23 at 10:28 +0800, Harry Ciao wrote:
> >> From: Harry Ciao <harrytaurus2002@xxxxxxxxxxx>
> >>
> >> If kernel policy version is >= 25, then write the class field of the
> >> role_trans structure into the binary representation.
> >>
> >> Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>
> >
> > Looking at this patch (and the first one) I really start to feel like
> > putting the class after the newrole on disk. It really would clean up
> > the patches and the code to not insert the conditional in the middle of
> > reading/writing and instead do it at the end....
>
> He doesn't have to put it after new_role to clean up the conditional, just break
> the buffer in 2. range_write() does this in userspace, I'm not sure what the
> kernel interface looks like.


I had followed the range_write() logic and used new_roletr in role_trans_write(), similar to the new_rangetr used in range_write().

Anyway, it won't take much extra effort to put the class field after new_role in the binary representation, which can make the code simpler :-) I will commit such a change in the next version of the patches.

Thanks,
Harry

>
> >
> >> ---
> >> security/selinux/ss/policydb.c | 18 +++++++++++++-----
> >> 1 files changed, 13 insertions(+), 5 deletions(-)
> >>
> >> diff --git a/security/selinux/ss/policydb.c b/secur! ity/selinux/ss/policydb.c
> >> index b660f08..a6be0f5 1006 44
> >> --- a/security/selinux/ss/policydb.c
> >> +++ b/security/selinux/ss/policydb.c
> >> @@ -2450,10 +2450,11 @@ static int cat_write(void *vkey, void *datum, void *ptr)
> >> return 0;
> >> }
> >>
> >> -static int role_trans_write(struct role_trans *r, void *fp)
> >> +static int role_trans_write(struct policydb *p, void *fp)
> >> {
> >> + struct role_trans *r = p->role_tr;
> >> struct role_trans *tr;
> >> - u32 buf[3];
> >> + u32 buf[4];
> >> size_t nel;
> >> int rc;
> >>
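Review bot: the local `struct role_trans *r = p->role_tr;` added at the top of role_trans_write() exists only to feed `for (tr = r; tr; tr = tr->next)` below; now that the function takes the policydb, iterating directly with `for (tr = p->role_tr; tr; tr = tr->next)` drops one variable and makes it obvious which list is being written. Growing `buf` to `u32 buf[4]` is the right size for the widest record, but a one-line comment on the declaration saying that the fourth word is only emitted for policies at or above POLICYDB_VERSION_ROLETRANS would spare the next reader from having to find the version branch in the loop.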
> >> @@ -2467,8 +2468,15 @@ static int role_trans_write(struct role_trans *r, void *fp)
> >> for (tr = r; tr; tr = tr->next) {
> >> buf[0] = cpu_to_le32(tr->role);
> >> buf[1] = cpu_to_le32(tr->type);
> >> - buf[2] = ! cpu_to_le32(tr->new_role);
> >> - rc = put_entry(buf, sizeof(u32), 3, fp);
> >> + if (p->policyvers>= POLICYDB_VERSION_ROLETRANS) {
> >> + buf[2] = cpu_to_le32(tr->cclass);
> >> + buf[3] = cpu_to_le32(tr->new_role);
> >> + rc = put_entry(buf, sizeof(u32), 4, fp);
> >> + } else {
> >> + buf[2] = cpu_to_le32(tr->new_role);
> >> + rc = put_entry(buf, sizeof(u32), 3, fp);
> >> + }
> >> +
> >> if (rc)
> >> return rc;
> >> }
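Review bot: the `p->policyvers >= POLICYDB_VERSION_ROLETRANS` test is re-evaluated on every iteration of the loop even though the policy version cannot change mid-write; compute the per-record word count once before the loop (3 or 4) and only branch on where `tr->new_role` lands, or, as Eric suggests, place `cclass` after `new_role` on disk so the first three words are written unconditionally and the fourth is appended only for new-format policies. Whatever ordering is chosen, the layout written here must match byte-for-byte what the read side of this series expects for the same version, since the two branches now emit `class` and `new_role` in different positions. Also, the bare `+` line inserted before `if (rc)` adds an empty line that the original did not have; drop it to keep the diff to the functional change.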
> >> @@ -3145,7 +3153,7 @@ int policydb_write(struct policydb *p, void *fp)
> >> if (rc)
> >> return rc;
> >>
> >> - rc = role_trans_write(p->role_tr, fp);
> >> + rc = role_trans_write(p, fp);
> >> if (rc)
> >> return rc;
> >>
> >> >
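Review bot: the call-site change from `role_trans_write(p->role_tr, fp)` to `role_trans_write(p, fp)` is consistent with the new signature, and since the function is static any other caller would fail to compile, so this hunk is complete as far as the visible code goes. It would be worth stating in the commit message that the on-disk record for role_trans gains a field from POLICYDB_VERSION_ROLETRANS on, so that anyone bisecting a policy-load failure on an older kernel can tie it to this change.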
> >
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> > the words "unsubscribe selinux" without quotes as the message.
> >
