From 8f927c4a9f649b10bea8e68b98be33f30f881f99 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 18 May 2006 16:15:35 +0000 Subject: [PATCH] - More fixes for translation cache - Upgrade to latest from NSA Added matchpathcon_fini() function to free memory allocated by matchpathcon_init(). --- .cvsignore | 1 + libselinux-rhat.patch | 159 +++++++++++++++++++++++++++++++++++++++++- libselinux.spec | 13 +++- sources | 2 +- 4 files changed, 169 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 02f9711..7c0910f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -82,3 +82,4 @@ libselinux-1.30.3.tgz libselinux-1.30.5.tgz libselinux-1.30.6.tgz libselinux-1.30.7.tgz +libselinux-1.30.8.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 5cc510b..8fc6bc2 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,6 +1,159 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.30.6/utils/avcstat.c ---- nsalibselinux/utils/avcstat.c 2005-05-19 15:24:25.000000000 -0400 -+++ libselinux-1.30.6/utils/avcstat.c 2006-05-09 15:09:13.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.7/src/init.c +--- nsalibselinux/src/init.c 2006-05-15 09:43:24.000000000 -0400 ++++ libselinux-1.30.7/src/init.c 2006-05-17 13:57:29.000000000 -0400 +@@ -78,21 +78,17 @@ + } + hidden_def(set_selinuxmnt) + +-static void init_translations(void) +-{ +- init_context_translations(); +-} +- + static void init_lib(void) __attribute__ ((constructor)); + static void init_lib(void) + { + selinux_page_size = sysconf(_SC_PAGE_SIZE); + init_selinuxmnt(); +- init_translations(); ++ init_context_translations(); + } + + static void fini_lib(void) __attribute__ ((destructor)); + static void fini_lib(void) + { + fini_selinuxmnt(); ++ fini_context_translations(); + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.30.7/src/selinux_config.c +--- nsalibselinux/src/selinux_config.c 2006-05-15 09:43:24.000000000 -0400 ++++ libselinux-1.30.7/src/selinux_config.c 2006-05-17 14:31:07.000000000 -0400 +@@ -17,6 +17,7 @@ + #define SELINUXTAG "SELINUX=" + #define SETLOCALDEFS "SETLOCALDEFS=" + #define REQUIRESEUSERS "REQUIRESEUSERS=" ++#define CACHETRANSTAG "CACHETRANS=" + + /* Indices for file paths arrays. */ + #define BINPOLICY 0 +@@ -175,6 +176,10 @@ + sizeof(REQUIRESEUSERS)-1)) { + value = buf_p + sizeof(REQUIRESEUSERS)-1; + intptr = &require_seusers; ++ } else if (!strncmp(buf_p, CACHETRANSTAG, ++ sizeof(CACHETRANSTAG)-1)) { ++ value = buf_p + sizeof(CACHETRANSTAG)-1; ++ intptr = &cache_trans; + } else { + continue; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.7/src/selinux_internal.h +--- nsalibselinux/src/selinux_internal.h 2006-05-15 09:43:24.000000000 -0400 ++++ libselinux-1.30.7/src/selinux_internal.h 2006-05-17 14:05:25.000000000 -0400 +@@ -70,3 +70,4 @@ + extern int load_setlocaldefs hidden; + extern int require_seusers hidden; + extern int selinux_page_size hidden; ++extern int cache_trans hidden; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.7/src/setrans_client.c +--- nsalibselinux/src/setrans_client.c 2006-05-16 20:43:27.000000000 -0400 ++++ libselinux-1.30.7/src/setrans_client.c 2006-05-17 18:17:41.000000000 -0400 +@@ -16,6 +16,13 @@ + #include "selinux_internal.h" + #include "setrans_internal.h" + ++// Simple cache ++static __thread security_context_t prev_t2r_trans=NULL; ++static __thread security_context_t prev_t2r_raw=NULL; ++static __thread security_context_t prev_r2t_trans=NULL; ++static __thread security_context_t prev_r2t_raw=NULL; ++ ++int cache_trans hidden = 1; + + /* + * setransd_open +@@ -193,6 +200,17 @@ + } + + ++hidden void ++fini_context_translations(void) ++{ ++ if (cache_trans) { ++ free(prev_r2t_trans); ++ free(prev_r2t_raw); ++ free(prev_t2r_trans); ++ free(prev_t2r_raw); ++ } ++} ++ + hidden int + init_context_translations(void) + { +@@ -225,9 +243,24 @@ + *rawp = NULL; + return 0; + } ++ if (cache_trans) { ++ if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) { ++ *rawp=strdup(prev_t2r_raw); ++ } else { ++ free(prev_t2r_trans); prev_t2r_trans = NULL; ++ free(prev_t2r_raw); prev_t2r_raw = NULL; ++ if (trans_to_raw_context(trans, rawp)) ++ *rawp = strdup(trans); ++ if (*rawp) { ++ prev_t2r_trans=strdup(trans); ++ prev_t2r_raw=strdup(*rawp); ++ } ++ } ++ } ++ else ++ if (trans_to_raw_context(trans, rawp)) ++ *rawp = strdup(trans); + +- if (trans_to_raw_context(trans, rawp)) +- *rawp = strdup(trans); + return *rawp ? 0 : -1; + } + hidden_def(selinux_trans_to_raw_context) +@@ -240,8 +273,23 @@ + return 0; + } + +- if (raw_to_trans_context(raw, transp)) +- *transp = strdup(raw); ++ if (cache_trans) { ++ if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) { ++ *transp=strdup(prev_r2t_trans); ++ } else { ++ free(prev_r2t_raw); prev_r2t_raw = NULL; ++ free(prev_r2t_trans); prev_r2t_trans = NULL; ++ if (raw_to_trans_context(raw, transp)) ++ *transp = strdup(raw); ++ if (*transp) { ++ prev_r2t_raw=strdup(raw); ++ prev_r2t_trans=strdup(*transp); ++ } ++ } ++ } ++ else ++ if (raw_to_trans_context(raw, transp)) ++ *transp = strdup(raw); + + return *transp ? 0 : -1; + } +diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.7/src/setrans_internal.h +--- nsalibselinux/src/setrans_internal.h 2006-05-16 20:43:27.000000000 -0400 ++++ libselinux-1.30.7/src/setrans_internal.h 2006-05-17 14:07:34.000000000 -0400 +@@ -8,3 +8,4 @@ + #define MAX_DATA_BUF 8192 + + extern int init_context_translations(void); ++extern void fini_context_translations(void); +diff --exclude-from=exclude -N -u -r nsalibselinux/utils/avcstat.c libselinux-1.30.7/utils/avcstat.c +--- nsalibselinux/utils/avcstat.c 2006-05-15 09:43:20.000000000 -0400 ++++ libselinux-1.30.7/utils/avcstat.c 2006-05-17 06:18:39.000000000 -0400 @@ -27,12 +27,12 @@ #define HEADERS "lookups hits misses allocations reclaims frees" diff --git a/libselinux.spec b/libselinux.spec index 3d4e0e9..1456d90 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,7 +1,7 @@ -%define libsepolver 1.12.6-1 +%define libsepolver 1.12.10-1 Summary: SELinux library and simple utilities Name: libselinux -Version: 1.30.7 +Version: 1.30.8 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries @@ -111,6 +111,15 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Thu May 18 2006 Dan Walsh 1.30.8-1 +- More fixes for translation cache +- Upgrade to latest from NSA + * Added matchpathcon_fini() function to free memory allocated by + matchpathcon_init(). + +* Wed May 17 2006 Dan Walsh 1.30.7-2 +- Add simple cache to improve translation speed + * Tue May 16 2006 Dan Walsh 1.30.7-1 - Upgrade to latest from NSA * Merged setrans client cleanup patch from Steve Grubb. diff --git a/sources b/sources index a64d64e..a945865 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -375224483fb2c19e5cf5c0cd800f6f21 libselinux-1.30.7.tgz +761f5f8ccc118221244ae9645a4d63dc libselinux-1.30.8.tgz