On Mon, Oct 03, 2016 at 11:46:19AM +0100, Gary Tierney wrote: > Pre-expands the role and user caches used in context validation when > conerting a cildb to a binary policydb. This is currently only done > when loading a binary policy and prevents context validation from > working correctly with a newly built policy (i.e., when semanage builds > a new policy and then runs genhomedircon). > > Also adds declarations for the hashtable mapping functions used: > policydb_role_cache and policydb_user_cache(). > > Signed-off-by: Gary Tierney <gary.tierney@xxxxxxx> > --- > libsepol/cil/src/cil_binary.c | 7 +++++++ > libsepol/include/sepol/policydb/policydb.h | 8 ++++++++ > 2 files changed, 15 insertions(+) > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > index cc73648..200101e 100644 > --- a/libsepol/cil/src/cil_binary.c > +++ b/libsepol/cil/src/cil_binary.c > @@ -4794,6 +4794,13 @@ int cil_binary_create_allocated_pdb(const struct cil_db *db, sepol_policydb_t *p > > } > > + /* This pre-expands the roles and users for context validity checking */ > + if (hashtab_map(pdb->p_roles.table, policydb_role_cache, pdb)) > + return -1; > + > + if (hashtab_map(pdb->p_users.table, policydb_user_cache, pdb)) > + return -1; > + > rc = SEPOL_OK; > > exit: > diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h > index 26cec13..d99fcf4 100644 > --- a/libsepol/include/sepol/policydb/policydb.h > +++ b/libsepol/include/sepol/policydb/policydb.h > @@ -608,6 +608,14 @@ extern int policydb_index_bools(policydb_t * p); > extern int policydb_index_others(sepol_handle_t * handle, policydb_t * p, > unsigned int verbose); > > +extern int policydb_role_cache(hashtab_key_t key, > + hashtab_datum_t datum, > + void *arg); > + > +extern int policydb_user_cache(hashtab_key_t key, > + hashtab_datum_t datum, > + void *arg); > + > extern int policydb_reindex_users(policydb_t * p); > > extern void policydb_destroy(policydb_t * p); > -- > 2.4.11 > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. Ah, that return should be a goto. Sending a v2. -- Gary Tierney GPG fingerprint: 412C 0EF9 C305 68E6 B660 BDAF 706E D765 85AA 79D8 https://sks-keyservers.net/pks/lookup?op=get&search=0x706ED76585AA79D8
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
