From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Add sidtab_context_lookup() to just lookup a context, not inserting non-existent ones. Tweak sidtab_destroy() to accept a zero'ed struct sidtab. Remove redundant lookup in sidtab_context_to_sid() after insertion by returning the newly created node directly from sidtab_insert(). Drop declaration of only internal used sidtab_insert(). Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- v3: use sidtab_context_lookup() in sidtab_context_to_sid() v2: add patch --- libselinux/src/avc_sidtab.c | 68 ++++++++++++++++++++----------------- libselinux/src/avc_sidtab.h | 2 +- 2 files changed, 38 insertions(+), 32 deletions(-) diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c index 9475dcb0..cb7dfc1d 100644 --- a/libselinux/src/avc_sidtab.c +++ b/libselinux/src/avc_sidtab.c @@ -44,28 +44,23 @@ int sidtab_init(struct sidtab *s) return rc; } -int sidtab_insert(struct sidtab *s, const char * ctx) +static struct sidtab_node * +sidtab_insert(struct sidtab *s, const char * ctx) { unsigned hvalue; - int rc = 0; struct sidtab_node *newnode; char * newctx; - if (s->nel >= UINT_MAX - 1) { - rc = -1; - goto out; - } + if (s->nel >= UINT_MAX - 1) + return NULL; newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode)); - if (!newnode) { - rc = -1; - goto out; - } + if (!newnode) + return NULL; newctx = strdup(ctx); if (!newctx) { - rc = -1; avc_free(newnode); - goto out; + return NULL; } hvalue = sidtab_hash(newctx); @@ -73,36 +68,48 @@ int sidtab_insert(struct sidtab *s, const char * ctx) newnode->sid_s.ctx = newctx; newnode->sid_s.id = ++s->nel; s->htable[hvalue] = newnode; - out: - return rc; + return newnode; } -int -sidtab_context_to_sid(struct sidtab *s, - const char * ctx, security_id_t * sid) +const struct security_id * +sidtab_context_lookup(const struct sidtab *s, const char *ctx) { unsigned hvalue; - int rc = 0; - struct sidtab_node *cur; + const struct sidtab_node *cur; - *sid = NULL; hvalue = sidtab_hash(ctx); - loop: cur = s->htable[hvalue]; while (cur != NULL && strcmp(cur->sid_s.ctx, ctx)) cur = cur->next; - if (cur == NULL) { /* need to make a new entry */ - rc = sidtab_insert(s, ctx); - if (rc) - goto out; - goto loop; /* find the newly inserted node */ + if (cur == NULL) + return NULL; + + return &cur->sid_s; +} + +int +sidtab_context_to_sid(struct sidtab *s, + const char * ctx, security_id_t * sid) +{ + struct sidtab_node *new; + const struct security_id *lookup_sid = sidtab_context_lookup(s, ctx); + + if (lookup_sid) { + /* Dropping const is fine since our sidtab parameter is non-const. */ + *sid = (struct security_id *)lookup_sid; + return 0; } - *sid = &cur->sid_s; - out: - return rc; + new = sidtab_insert(s, ctx); + if (new == NULL) { + *sid = NULL; + return -1; + } + + *sid = &new->sid_s; + return 0; } void sidtab_sid_stats(const struct sidtab *s, char *buf, size_t buflen) @@ -138,7 +145,7 @@ void sidtab_destroy(struct sidtab *s) int i; struct sidtab_node *cur, *temp; - if (!s) + if (!s || !s->htable) return; for (i = 0; i < SIDTAB_SIZE; i++) { @@ -149,7 +156,6 @@ void sidtab_destroy(struct sidtab *s) freecon(temp->sid_s.ctx); avc_free(temp); } - s->htable[i] = NULL; } avc_free(s->htable); s->htable = NULL; diff --git a/libselinux/src/avc_sidtab.h b/libselinux/src/avc_sidtab.h index e823e3f3..f62fd353 100644 --- a/libselinux/src/avc_sidtab.h +++ b/libselinux/src/avc_sidtab.h @@ -24,8 +24,8 @@ struct sidtab { }; int sidtab_init(struct sidtab *s) ; -int sidtab_insert(struct sidtab *s, const char * ctx) ; +const struct security_id * sidtab_context_lookup(const struct sidtab *s, const char *ctx); int sidtab_context_to_sid(struct sidtab *s, const char * ctx, security_id_t * sid) ; -- 2.45.2