Merge tag 'selinux-pr-20200803' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux updates from Paul Moore:
 "Beyond the usual smattering of bug fixes, we've got three small
  improvements worth highlighting:

   - improved SELinux policy symbol table performance due to a reworking
     of the insert and search functions

   - allow reading of SELinux labels before the policy is loaded,
     allowing for some more "exotic" initramfs approaches

   - improved checking and error reporting about process
     class/permissions during SELinux policy load"

* tag 'selinux-pr-20200803' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: complete the inlining of hashtab functions
  selinux: prepare for inlining of hashtab functions
  selinux: specialize symtab insert and search functions
  selinux: Fix spelling mistakes in the comments
  selinux: fixed a checkpatch warning with the sizeof macro
  selinux: log error messages on required process class / permissions
  scripts/selinux/mdp: fix initial SID handling
  selinux: allow reading labels before policy is loaded
Linus Torvalds
2020-08-04 14:18:01 -07:00
15 changed files with 258 additions and 166 deletions


@@ -67,8 +67,14 @@ int main(int argc, char *argv[])
initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *);
/* print out the sids */
for (i = 1; i < initial_sid_to_string_len; i++)
fprintf(fout, "sid %s\n", initial_sid_to_string[i]);
for (i = 1; i < initial_sid_to_string_len; i++) {
const char *name = initial_sid_to_string[i];
if (name)
fprintf(fout, "sid %s\n", name);
else
fprintf(fout, "sid unused%d\n", i);
}
fprintf(fout, "\n");
/* print out the class permissions */
@@ -126,9 +132,16 @@ int main(int argc, char *argv[])
#define OBJUSERROLETYPE "user_u:object_r:base_t"
/* default sids */
for (i = 1; i < initial_sid_to_string_len; i++)
fprintf(fout, "sid %s " SUBJUSERROLETYPE "%s\n",
initial_sid_to_string[i], mls ? ":" SYSTEMLOW : "");
for (i = 1; i < initial_sid_to_string_len; i++) {
const char *name = initial_sid_to_string[i];
if (name)
fprintf(fout, "sid %s ", name);
else
fprintf(fout, "sid unused%d\n", i);
fprintf(fout, SUBJUSERROLETYPE "%s\n",
mls ? ":" SYSTEMLOW : "");
}
fprintf(fout, "\n");
#define FS_USE(behavior, fstype) \
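Review bot: In the second hunk's "default sids" loop, the else branch writes `"sid unused%d\n"` with a trailing newline, so for a NULL entry the context printed by the following `fprintf(fout, SUBJUSERROLETYPE "%s\n", ...)` lands on a different line from its `sid` keyword, whereas the named branch ends with a space. The newline is correct in the first hunk's declaration loop but looks copied here; `fprintf(fout, "sid unused%d ", i);` would keep each generated statement on one line in the `sid <name> <context>` form. A whitespace-insensitive policy parser may accept the split form, which this page does not show, but consistent output makes the generated initial SID labelling easier to audit. Both loops are inside main(), which starts and ends outside the hunks.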