On Wed, Sep 13, 2023 at 12:12 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Thu, Sep 7, 2023 at 1:42 PM Stephen Smalley > <stephen.smalley.work@xxxxxxxxx> wrote: > > On Fri, Aug 18, 2023 at 11:12 AM Christian Göttsche > > <cgzones@xxxxxxxxxxxxxx> wrote: > > > > > > Dump in the SELinux debug configuration the statistics for the > > > conditional rules avtab, the role transition, and class and common > > > permission hash tables. > > > > > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > > --- > > > > > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c > > > index 84f02d4f8093..932e383bcad6 100644 > > > --- a/security/selinux/ss/policydb.c > > > +++ b/security/selinux/ss/policydb.c > > > @@ -1158,6 +1158,8 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp) > > > goto bad; > > > } > > > > > > + hash_eval(&comdatum->permissions.table, "common_permissions"); > > > + > > > rc = symtab_insert(s, key, comdatum); > > > if (rc) > > > goto bad; > > > @@ -1339,6 +1341,8 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp) > > > goto bad; > > > } > > > > > > + hash_eval(&cladatum->permissions.table, "class_permissions"); > > > + > > > rc = read_cons_helper(p, &cladatum->constraints, ncons, 0, fp); > > > if (rc) > > > goto bad; > > > > Do we want to embed the actual common and class keys in the output to > > distinguish among the multiple common and class permissions tables? > > That seems reasonable, were you thinking of just adding it to the > hash_eval()'s hash name string, e.g. "common_permissions[XXX]"? Yes, otherwise you get a bunch of common_permissions and class_permissions lines with no way to correlate.
