'[PATCH 57/73] libselinux: assert if avc_init() not called'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    [PATCH 57/73] libselinux: assert if avc_init() not called
From:       Daniel J Walsh <dwalsh () redhat ! com>
Date:       2012-03-27 15:36:30
Message-ID: 4F71DE7E.1030603 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


   This patch looks good to me. acked.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9x3n4ACgkQrlYvE4MpobNUygCfeyNbt/5SzPYcdpyemQVZuLYK
bY0AoIu1VWDBneF+KsBbO5IhqWRqsRdz
=8Nsj
-----END PGP SIGNATURE-----

["0057-libselinux-assert-if-avc_init-not-called.patch" (text/x-patch)]

From 57c379630a9b484c034aef5d878e8a666f9bb577 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Tue, 6 Mar 2012 10:44:30 -0500
Subject: [PATCH 57/73] libselinux: assert if avc_init() not called

To simplify finding why programs don't work, assert that avc_init() was
called any time avc functions are called.  This means we won't get
'random' segfaults and will instead be able to hopefully quickly
determine what we did wrong as application developers.

Signed-off-by: Eric Paris <eparis@redhat.com>
---
 libselinux/src/avc.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index 21c09f7..6ff83a7 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -9,6 +9,7 @@
  */
 #include <selinux/avc.h>
 #include "selinux_internal.h"
+#include <assert.h>
 #include "avc_sidtab.h"
 #include "avc_internal.h"
 
@@ -69,6 +70,9 @@ static inline int avc_hash(security_id_t ssid,
 int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid)
 {
 	int rc;
+	/* avc_init needs to be called before this function */
+	assert(avc_running);
+
 	avc_get_lock(avc_lock);
 	rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid);
 	avc_release_lock(avc_lock);
@@ -249,6 +253,8 @@ void avc_cache_stats(struct avc_cache_stats *p)
 
 void avc_sid_stats(void)
 {
+	/* avc_init needs to be called before this function */
+	assert(avc_running);
 	avc_get_lock(avc_log_lock);
 	avc_get_lock(avc_lock);
 	sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE);
@@ -548,6 +554,8 @@ void avc_destroy(void)
 	struct avc_callback_node *c;
 	struct avc_node *node, *tmp;
 	int i;
+	/* avc_init needs to be called before this function */
+	assert(avc_running);
 
 	avc_get_lock(avc_lock);
 
@@ -879,6 +887,8 @@ int avc_compute_member(security_id_t ssid,  security_id_t tsid,
 	int rc;
 	security_context_t ctx = NULL;
 	*newsid = NULL;
+	/* avc_init needs to be called before this function */
+	assert(avc_running);
 	avc_get_lock(avc_lock);
 
 	rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, &ctx);
-- 
1.7.9.3


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic