Re: [PATCH 2/3] libsepol: Improve writing CIL sensitivity rules

On Thu, May 21, 2020 at 3:16 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote:
>
> On Thu, May 21, 2020 at 5:25 PM James Carter <jwcart2@xxxxxxxxx> wrote:
> >
> > Improves writing of CIL sensitivity rules when converting MLS kernel
> > policy to CIL. No changes to functionality, but eliminate useless
> > checks for sensitivity aliases when using the p_sens_val_to_name
> > array, find the actual number of aliases before allocating memory,
> > and skip the sensitivity alias rules if there are no aliases.
> >
> > Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
> > ---
> >  libsepol/src/kernel_to_cil.c | 59 ++++++++++++++++++------------------
> >  1 file changed, 29 insertions(+), 30 deletions(-)
> >
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index cca77251..6103c1a6 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -782,6 +782,17 @@ static void write_default_mls_level(FILE *out)
> >         sepol_printf(out, "(level %s (s0))\n", DEFAULT_LEVEL);
> >  }
> >
> > +static int map_count_sensitivity_aliases(char *key, void *data, void *args)
> > +{
> > +       level_datum_t *sens = data;
> > +       unsigned *count = args;
> > +
> > +       if (sens->isalias)
> > +               (*count)++;
> > +
> > +       return SEPOL_OK;
> > +}
>
> Hello,
> This patch looks good to me, but building fails because of an unused
> parameter (here and in other patches),
> https://travis-ci.org/github/fishilico/selinux/jobs/689760790#L2029 :
>
> kernel_to_cil.c: In function ‘map_count_sensitivity_aliases’:
> kernel_to_cil.c:785:48: error: unused parameter ‘key’ [-Werror=unused-parameter]
>  static int map_count_sensitivity_aliases(char *key, void *data, void *args)
>                                                 ^~~
> kernel_to_cil.c: In function ‘map_count_category_aliases’:
> kernel_to_cil.c:889:45: error: unused parameter ‘key’ [-Werror=unused-parameter]
>  static int map_count_category_aliases(char *key, void *data, void *args)
>                                              ^~~
> kernel_to_cil.c: In function ‘map_count_type_aliases’:
> kernel_to_cil.c:1368:41: error: unused parameter ‘key’ [-Werror=unused-parameter]
>  static int map_count_type_aliases(char *key, void *data, void *args)
>                                         ^~~
>
> Other functions use __attribute__((unused)) so you could probably use
> it too in these functions.
>

Thanks, I'll update these patches and resend.

Jim

> Thanks,
> Nicolas
>
> > +
> >  static int map_sensitivity_aliases_to_strs(char *key, void *data, void *args)
> >  {
> >         level_datum_t *sens = data;
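Review bot: `key` is never read in map_count_sensitivity_aliases(), so the new callback does not compile under -Werror=unused-parameter, as the quoted build log shows. The callback is handed to hashtab_map, so the parameter has to stay; annotate it instead, e.g. `__attribute__((unused)) char *key`. A one-line comment that `args` must point to an `unsigned` initialised to 0 would also help, since the function only ever increments it.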
> > @@ -799,26 +810,13 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
> >  {
> >         level_datum_t *level;
> >         char *prev, *name, *actual;
> > -       struct strs *strs;
> > -       unsigned i, num;
> > +       struct strs *strs = NULL;
> > +       unsigned i, num = 0;
> >         int rc = 0;
> >
> > -       rc = strs_init(&strs, pdb->p_levels.nprim);
> > -       if (rc != 0) {
> > -               goto exit;
> > -       }
> > -
> >         /* sensitivities */
> >         for (i=0; i < pdb->p_levels.nprim; i++) {
> >                 name = pdb->p_sens_val_to_name[i];
> > -               if (!name) continue;
> > -               level = hashtab_search(pdb->p_levels.table, name);
> > -               if (!level) {
> > -                       rc = -1;
> > -                       goto exit;
> > -               }
> > -               if (level->isalias) continue;
> > -
> >                 sepol_printf(out, "(sensitivity %s)\n", name);
> >         }
> >
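Review bot: The first loop now passes `name` straight to `sepol_printf(out, "(sensitivity %s)\n", name)` with the `if (!name) continue;` guard removed, while the commit message only justifies dropping the alias checks. If p_sens_val_to_name can never hold a NULL entry below nprim, say so in the commit message or in a comment; otherwise keep the NULL guard, since a NULL passed to %s is undefined behaviour.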
> > @@ -827,14 +825,6 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
> >         prev = NULL;
> >         for (i=0; i < pdb->p_levels.nprim; i++) {
> >                 name = pdb->p_sens_val_to_name[i];
> > -               if (!name) continue;
> > -               level = hashtab_search(pdb->p_levels.table, name);
> > -               if (!level) {
> > -                       rc = -1;
> > -                       goto exit;
> > -               }
> > -               if (level->isalias) continue;
> > -
> >                 if (prev) {
> >                         sepol_printf(out, "%s ", prev);
> >                 }
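Review bot: In the sensitivityorder loop, the removed `hashtab_search` block also drops the `rc = -1` path for a name that is missing from p_levels.table. A policydb whose val_to_name array and hash table disagree used to make the conversion fail and is now written out, so "No changes to functionality" holds only for consistent input. The commit message should state whether that consistency is validated before this function runs.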
> > @@ -845,6 +835,22 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
> >         }
> >         sepol_printf(out, "))\n");
> >
> > +       rc = hashtab_map(pdb->p_levels.table, map_count_sensitivity_aliases, &num);
> > +       if (rc != 0) {
> > +               goto exit;
> > +       }
> > +
> > +       if (num == 0) {
> > +               /* No aliases, so skip sensitivity alias rules */
> > +               rc = 0;
> > +               goto exit;
> > +       }
> > +
> > +       rc = strs_init(&strs, num);
> > +       if (rc != 0) {
> > +               goto exit;
> > +       }
> > +
> >         rc = hashtab_map(pdb->p_levels.table, map_sensitivity_aliases_to_strs, strs);
> >         if (rc != 0) {
> >                 goto exit;
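Review bot: The new `num == 0` branch and the failure path of the counting `hashtab_map` both reach `exit` while `strs` is still NULL, and the cleanup at that label is outside this hunk. Please confirm it tolerates a NULL `strs`, which is presumably why the declaration now initialises it. The `rc = 0;` before the `goto exit` is redundant, since the preceding `if (rc != 0)` check already guarantees it.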
> > @@ -852,16 +858,9 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
> >
> >         strs_sort(strs);
> >
> > -       num = strs_num_items(strs);
> > -
> >         /* sensitivity aliases */
> >         for (i=0; i < num; i++) {
> >                 name = strs_read_at_index(strs, i);
> > -               level = hashtab_search(pdb->p_levels.table, name);
> > -               if (!level) {
> > -                       rc = -1;
> > -                       goto exit;
> > -               }
> >                 sepol_printf(out, "(sensitivityalias %s)\n", name);
> >         }
> >
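Review bot: With `num = strs_num_items(strs);` removed, the alias loop is bounded by the count from map_count_sensitivity_aliases rather than by what map_sensitivity_aliases_to_strs actually stored. The two callbacks now have to agree exactly on what counts as an alias, otherwise `strs_read_at_index(strs, i)` is called past the stored items and its result goes to %s unchecked. Keeping `strs_num_items(strs)` as the loop bound, and using the counted value only for `strs_init`, avoids that coupling.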
> > --
> > 2.25.4
> >
>



