Blame SOURCES/0001-Skip-policy-module-re-link-when-only-setting-boolean.patch

commit d7a44033e8488106579be9923c67c70546943a41
Author: Stephen Smalley <sds@tycho.nsa.gov>
Date:   Fri Jul 25 12:05:43 2014 -0400
    Skip policy module re-link when only setting booleans.
    
    Since booleans are only set, not added/removed, we do not need to re-link
    modules when setting them.  We can instead just take the existing binary
    policy and mutate it for the new values.
    
    Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/src/direct_api.c b/src/direct_api.c
b37ca7
index 64dc7d9..5b94725 100644
b37ca7
--- a/src/direct_api.c
b37ca7
+++ b/src/direct_api.c
b37ca7
@@ -690,7 +690,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
b37ca7
 	/* Declare some variables */
b37ca7
 	int modified = 0, fcontexts_modified, ports_modified,
b37ca7
 	    seusers_modified, users_extra_modified, dontaudit_modified,
b37ca7
-	    preserve_tunables_modified;
b37ca7
+	    preserve_tunables_modified, bools_modified;
b37ca7
 	dbase_config_t *users = semanage_user_dbase_local(sh);
b37ca7
 	dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
b37ca7
 	dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
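Review bot: `bools_modified` is added to the declaration list without an initializer, while `modified` in the same declaration is set to 0. The value is only assigned in the `@@ -771` hunk, yet the last hunk reads it in `if (modified || bools_modified)` right after the `mod_filenames` free loop; if that block sits under the `cleanup:` label (the label is not visible in these hunks), any `goto cleanup` taken before the assignment reads an indeterminate value and may call `dbase_policydb_detach()` on databases that were never attached. Initialising it in the declaration closes that path: `preserve_tunables_modified, bools_modified = 0;`. The body of semanage_direct_commit starts and ends outside this hunk.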
b37ca7
@@ -771,11 +771,11 @@ static int semanage_direct_commit(semanage_handle_t * sh)
b37ca7
 	users_extra_modified =
b37ca7
 	    users_extra->dtable->is_modified(users_extra->dbase);
b37ca7
 	ports_modified = ports->dtable->is_modified(ports->dbase);
b37ca7
+	bools_modified = bools->dtable->is_modified(bools->dbase);
b37ca7
 
b37ca7
 	modified = sh->modules_modified;
b37ca7
 	modified |= ports_modified;
b37ca7
 	modified |= users->dtable->is_modified(users_base->dbase);
b37ca7
-	modified |= bools->dtable->is_modified(bools->dbase);
b37ca7
 	modified |= ifaces->dtable->is_modified(ifaces->dbase);
b37ca7
 	modified |= nodes->dtable->is_modified(nodes->dbase);
b37ca7
 	modified |= dontaudit_modified;
b37ca7
@@ -891,15 +891,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
b37ca7
 
b37ca7
 		/* ==================== Policydb-backed ================ */
b37ca7
 
b37ca7
-		/* Create new policy object, then attach to policy databases
b37ca7
-		 * that work with a policydb */
b37ca7
+		/* Create new policy object */
b37ca7
 		retval = semanage_expand_sandbox(sh, base, &out;;
b37ca7
 		if (retval < 0)
b37ca7
 			goto cleanup;
b37ca7
 	
b37ca7
 		sepol_module_package_free(base);
b37ca7
 		base = NULL;
b37ca7
+	} else {
b37ca7
+		/* Load already linked policy */
b37ca7
+		retval = sepol_policydb_create(&out;;
b37ca7
+		if (retval < 0)
b37ca7
+			goto cleanup;
b37ca7
+
b37ca7
+		retval = semanage_read_policydb(sh, out);
b37ca7
+		if (retval < 0)
b37ca7
+			goto cleanup;
b37ca7
+	}
b37ca7
 
b37ca7
+	if (sh->do_rebuild || modified || bools_modified) {
b37ca7
+		/* Attach to policy databases that work with a policydb. */
b37ca7
 		dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase,
b37ca7
 				      out);
b37ca7
 		dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
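Review bot: With the new `else` branch, a boolean-only commit aborts through `goto cleanup` when `semanage_read_policydb()` fails, and there is no fallback to the re-link path in the `if` branch above. The hunk does not show how that function behaves when the store has no linked policy yet or the file is unreadable, so it is worth confirming that booleans can still be set on such a store, or forcing the rebuild path in that case. The loaded binary policy also becomes the basis of what is later installed, without being re-derived from the modules, which deserves a line in the comment, e.g. `/* Load already linked policy; it is mutated and installed as-is, so it must match the current module set */`. The enclosing function continues outside this hunk.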
b37ca7
@@ -921,14 +932,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
b37ca7
 		if (retval < 0)
b37ca7
 			goto cleanup;
b37ca7
 	} else {
b37ca7
-		retval = sepol_policydb_create(&out;;
b37ca7
-		if (retval < 0)
b37ca7
-			goto cleanup;
b37ca7
-
b37ca7
-		retval = semanage_read_policydb(sh, out);
b37ca7
-		if (retval < 0)
b37ca7
-			goto cleanup;
b37ca7
-		
b37ca7
+		/* Changes to non-kernel policy configurations only. */
b37ca7
 		if (seusers_modified || users_extra_modified) {
b37ca7
 			retval = semanage_link_base(sh, &base);
b37ca7
 			if (retval < 0)
b37ca7
@@ -1007,7 +1011,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
b37ca7
 	sepol_policydb_free(out);
b37ca7
 	out = NULL;
b37ca7
 
b37ca7
-	if (sh->do_rebuild || modified || 
b37ca7
+	if (sh->do_rebuild || modified || bools_modified ||
b37ca7
 	    seusers_modified || fcontexts_modified || users_extra_modified) {
b37ca7
 		retval = semanage_install_sandbox(sh);
b37ca7
 	}
b37ca7
@@ -1017,7 +1021,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
b37ca7
 		free(mod_filenames[i]);
b37ca7
 	}
b37ca7
 
b37ca7
-	if (modified) {
b37ca7
+	if (modified || bools_modified) {
b37ca7
 		/* Detach from policydb, so it can be freed */
b37ca7
 		dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
b37ca7
 		dbase_policydb_detach((dbase_policydb_t *) pports->dbase);