On 03/31/2015 01:18 PM, James Carter wrote:
> Add a new function, sepol_module_policydb_to_cil, that generates > CIL from a module (not kernel) policydb. Refactor > sepol_module_package_to_cil() to use the new function. > > Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx> > --- > libsepol/include/sepol/module_to_cil.h | 2 + > libsepol/src/module_to_cil.c | 367 ++++++++++++++++++++++----------- > 2 files changed, 254 insertions(+), 115 deletions(-) > > diff --git a/libsepol/include/sepol/module_to_cil.h b/libsepol/include/sepol/module_to_cil.h > index 1d0225c..18bb3bf 100644 > --- a/libsepol/include/sepol/module_to_cil.h > +++ b/libsepol/include/sepol/module_to_cil.h > @@ -1,6 +1,8 @@ > #include <stdlib.h> > > #include <sepol/module.h> > +#include <sepol/policydb/policydb.h> > > +int sepol_module_policydb_to_cil(FILE *fp, struct policydb *pdb, int linked); > int sepol_module_package_to_cil(FILE *fp, struct sepol_module_package *mod_pkg); > int sepol_ppfile_to_module_package(FILE *fp, struct sepol_module_package **mod_pkg);

One potential issue with these functions is that they aren't thread safe due to the use of globals with role_list and typealias_lists. When pp was a single binary this wasn't a big deal (and greatly simplified the code), but now that it's part of libsepol it could potentially cause issues. Not sure if it's worth the complexity to change it so either they aren't global variables, or make them thread local variables. Alternatively, we could just document the functions as not thread safe.

- Steve
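
Review bot: the new prototype `sepol_module_policydb_to_cil(FILE *fp, struct policydb *pdb, int linked)` in module_to_cil.h has no comment, so a caller cannot tell from the header what `linked` selects, which values are valid, or what the `int` return means. A short doc comment above the declaration would cover that, and it is also the natural place to state that the function is not thread safe if the globals mentioned in the reply stay as they are.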
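
The hazard Steve's reply describes, and the first remedy he names (state that is not global), as an added example that is not part of the original message or of libsepol's code. `struct role_list`, `g_roles` and the role names are hypothetical stand-ins, and the two "threads" are modelled as one fixed, single-threaded interleaving so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>
#define MAX_ROLES 8

/* Hypothetical per-conversion scratch list; not libsepol's real type. */
struct role_list { const char *names[MAX_ROLES]; int count; };

static void list_add(struct role_list *l, const char *name) {
    if (l->count < MAX_ROLES) l->names[l->count++] = name;
}

/* Render the list as "a b c" into out (always NUL-terminated, n > 0). */
static void list_render(const struct role_list *l, char *out, size_t n) {
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < l->count; i++) {
        int w = snprintf(out + used, n - used, "%s%s", i ? " " : "", l->names[i]);
        if (w < 0 || (size_t)w >= n - used) break;   /* truncated: stop */
        used += (size_t)w;
    }
}

/* Variant 1: one file-scope list shared by every caller. */
static struct role_list g_roles;
/* Conversions A and B, steps interleaved as a scheduler could (constructed schedule). */
void run_shared(char *out_a, char *out_b, size_t n) {
    g_roles.count = 0;               /* A starts */
    list_add(&g_roles, "a_r");
    g_roles.count = 0;               /* B starts and wipes A's entry */
    list_add(&g_roles, "b_r");
    list_add(&g_roles, "a2_r");      /* A's next role lands in B's list */
    list_render(&g_roles, out_a, n);
    list_render(&g_roles, out_b, n);
}

/* Variant 2: each conversion owns its list; same interleaving. */
void run_per_call(char *out_a, char *out_b, size_t n) {
    struct role_list a = {0}, b = {0};
    list_add(&a, "a_r");
    list_add(&b, "b_r");
    list_add(&a, "a2_r");
    list_render(&a, out_a, n);
    list_render(&b, out_b, n);
}

int main(void) {
    char a[64], b[64];
    run_shared(a, b, sizeof a);   printf("shared:   A=[%s] B=[%s]\n", a, b);
    run_per_call(a, b, sizeof a); printf("per-call: A=[%s] B=[%s]\n", a, b);
}
```

With the shared list both callers get the same mixed output and A's first role is lost; with caller-owned state each conversion sees only its own entries.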