From 90b1c237a57a34be5ad253f760820044cc357674 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 5 Nov 2024 19:33:15 +0100 Subject: [PATCH] libselinux: sidtab updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add sidtab_context_lookup() to just lookup a context, not inserting non-existent ones. Tweak sidtab_destroy() to accept a zero'ed struct sidtab. Remove redundant lookup in sidtab_context_to_sid() after insertion by returning the newly created node directly from sidtab_insert(). Drop declaration of only internal used sidtab_insert(). Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/avc_sidtab.c | 76 ++++++++++++++++++++----------------- libselinux/src/avc_sidtab.h | 2 +- 2 files changed, 42 insertions(+), 36 deletions(-) diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c index 9475dcb0..cb7dfc1d 100644 --- a/libselinux/src/avc_sidtab.c +++ b/libselinux/src/avc_sidtab.c @@ -44,28 +44,23 @@ int sidtab_init(struct sidtab *s) return rc; } -int sidtab_insert(struct sidtab *s, const char * ctx) +static struct sidtab_node * +sidtab_insert(struct sidtab *s, const char * ctx) { unsigned hvalue; - int rc = 0; struct sidtab_node *newnode; char * newctx; - if (s->nel >= UINT_MAX - 1) { - rc = -1; - goto out; - } + if (s->nel >= UINT_MAX - 1) + return NULL; newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode)); - if (!newnode) { - rc = -1; - goto out; - } + if (!newnode) + return NULL; newctx = strdup(ctx); if (!newctx) { - rc = -1; avc_free(newnode); - goto out; + return NULL; } hvalue = sidtab_hash(newctx); @@ -73,36 +68,48 @@ int sidtab_insert(struct sidtab *s, const char * ctx) newnode->sid_s.ctx = newctx; newnode->sid_s.id = ++s->nel; s->htable[hvalue] = newnode; - out: - return rc; + return newnode; +} + +const struct security_id * +sidtab_context_lookup(const struct sidtab *s, const char *ctx) +{ + unsigned hvalue; + const struct sidtab_node *cur; + + hvalue = sidtab_hash(ctx); + + cur = s->htable[hvalue]; + while (cur != NULL && strcmp(cur->sid_s.ctx, ctx)) + cur = cur->next; + + if (cur == NULL) + return NULL; + + return &cur->sid_s; } int sidtab_context_to_sid(struct sidtab *s, const char * ctx, security_id_t * sid) { - unsigned hvalue; - int rc = 0; - struct sidtab_node *cur; + struct sidtab_node *new; + const struct security_id *lookup_sid = sidtab_context_lookup(s, ctx); - *sid = NULL; - hvalue = sidtab_hash(ctx); - - loop: - cur = s->htable[hvalue]; - while (cur != NULL && strcmp(cur->sid_s.ctx, ctx)) - cur = cur->next; - - if (cur == NULL) { /* need to make a new entry */ - rc = sidtab_insert(s, ctx); - if (rc) - goto out; - goto loop; /* find the newly inserted node */ + if (lookup_sid) { + /* Dropping const is fine since our sidtab parameter is non-const. */ + *sid = (struct security_id *)lookup_sid; + return 0; } - *sid = &cur->sid_s; - out: - return rc; + new = sidtab_insert(s, ctx); + if (new == NULL) { + *sid = NULL; + return -1; + } + + *sid = &new->sid_s; + return 0; } void sidtab_sid_stats(const struct sidtab *s, char *buf, size_t buflen) @@ -138,7 +145,7 @@ void sidtab_destroy(struct sidtab *s) int i; struct sidtab_node *cur, *temp; - if (!s) + if (!s || !s->htable) return; for (i = 0; i < SIDTAB_SIZE; i++) { @@ -149,7 +156,6 @@ void sidtab_destroy(struct sidtab *s) freecon(temp->sid_s.ctx); avc_free(temp); } - s->htable[i] = NULL; } avc_free(s->htable); s->htable = NULL; diff --git a/libselinux/src/avc_sidtab.h b/libselinux/src/avc_sidtab.h index e823e3f3..f62fd353 100644 --- a/libselinux/src/avc_sidtab.h +++ b/libselinux/src/avc_sidtab.h @@ -24,8 +24,8 @@ struct sidtab { }; int sidtab_init(struct sidtab *s) ; -int sidtab_insert(struct sidtab *s, const char * ctx) ; +const struct security_id * sidtab_context_lookup(const struct sidtab *s, const char *ctx); int sidtab_context_to_sid(struct sidtab *s, const char * ctx, security_id_t * sid) ;