libsepol: Improve writing CIL category rules

Improves writing of CIL category rules when converting MLS kernel
policy to CIL. No changes to functionality, but eliminate useless
checks for category aliases when using the p_cat_val_to_name array,
find the actual number of aliases before allocating memory, and
skip the category alias rules if there are no aliases.

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
James Carter 2020-05-22 10:55:13 -04:00 committed by Stephen Smalley
parent 78228387a1
commit f94b1699a2
1 changed files with 29 additions and 30 deletions


@ -886,6 +886,17 @@ exit:
return rc;
}
static int map_count_category_aliases(__attribute__((unused)) char *key, void *data, void *args)
{
cat_datum_t *cat = data;
unsigned *count = args;
if (cat->isalias)
(*count)++;
return SEPOL_OK;
}
static int map_category_aliases_to_strs(char *key, void *data, void *args)
{
cat_datum_t *cat = data;
@ -903,26 +914,13 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
{
cat_datum_t *cat;
char *prev, *name, *actual;
struct strs *strs;
unsigned i, num;
struct strs *strs = NULL;
unsigned i, num = 0;
int rc = 0;
rc = strs_init(&strs, pdb->p_levels.nprim);
if (rc != 0) {
goto exit;
}
/* categories */
for (i=0; i < pdb->p_cats.nprim; i++) {
name = pdb->p_cat_val_to_name[i];
if (!name) continue;
cat = hashtab_search(pdb->p_cats.table, name);
if (!cat) {
rc = -1;
goto exit;
}
if (cat->isalias) continue;
sepol_printf(out, "(category %s)\n", name);
}
@ -931,14 +929,6 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
prev = NULL;
for (i=0; i < pdb->p_cats.nprim; i++) {
name = pdb->p_cat_val_to_name[i];
if (!name) continue;
cat = hashtab_search(pdb->p_cats.table, name);
if (!cat) {
rc = -1;
goto exit;
}
if (cat->isalias) continue;
if (prev) {
sepol_printf(out, "%s ", prev);
}
@ -949,6 +939,22 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
}
sepol_printf(out, "))\n");
rc = hashtab_map(pdb->p_cats.table, map_count_category_aliases, &num);
if (rc != 0) {
goto exit;
}
if (num == 0) {
/* No aliases, so skip category alias rules */
rc = 0;
goto exit;
}
rc = strs_init(&strs, num);
if (rc != 0) {
goto exit;
}
rc = hashtab_map(pdb->p_cats.table, map_category_aliases_to_strs, strs);
if (rc != 0) {
goto exit;
@ -956,16 +962,9 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
strs_sort(strs);
num = strs_num_items(strs);
/* category aliases */
for (i=0; i < num; i++) {
name = strs_read_at_index(strs, i);
cat = hashtab_search(pdb->p_cats.table, name);
if (!cat) {
rc = -1;
goto exit;
}
sepol_printf(out, "(categoryalias %s)\n", name);
}
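Review bot: In both `p_cat_val_to_name` loops (the hunks at `-903,26 +914,13` and `-931,14 +929,6`) the `if (!name) continue;` guard appears to be removed together with the `hashtab_search` alias lookup. The page has lost its +/- markers, but the new-side line counts in the hunk headers leave no room for it. The alias lookup is redundant, as the commit message says, but the NULL test is a separate check: if a loaded policy leaves a gap in the category value array, `name` would be NULL when it is passed to `%s` in `sepol_printf(out, "(category %s)\n", name)`. Unless policydb loading is known to reject such gaps (not visible here), I would keep `if (!name) continue;` directly after `name = pdb->p_cat_val_to_name[i];` in both loops. The body of write_category_rules_to_cil continues outside these hunks.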