diff options
| author | Eric Paris <eparis@redhat.com> | 2010-10-13 17:50:14 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-10-20 19:12:56 -0400 |
| commit | 4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51 (patch) | |
| tree | e2f7e4850dc84768f6dd66e38a1454b8e3574714 | |
| parent | b28efd54d9d5c8005a29cd8782335beb9daaa32d (diff) | |
SELinux: deterministic ordering of range transition rules
Range transition rules are placed in the hash table in an (almost)
arbitrary order. This patch inserts them in a fixed order to make policy
retrival more predictable.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | security/selinux/ss/policydb.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index aa5a2fd1cc09..97fb0cf0eb69 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -185,9 +185,19 @@ static u32 rangetr_hash(struct hashtab *h, const void *k) | |||
| 185 | static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) | 185 | static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) |
| 186 | { | 186 | { |
| 187 | const struct range_trans *key1 = k1, *key2 = k2; | 187 | const struct range_trans *key1 = k1, *key2 = k2; |
| 188 | return (key1->source_type != key2->source_type || | 188 | int v; |
| 189 | key1->target_type != key2->target_type || | 189 | |
| 190 | key1->target_class != key2->target_class); | 190 | v = key1->source_type - key2->source_type; |
| 191 | if (v) | ||
| 192 | return v; | ||
| 193 | |||
| 194 | v = key1->target_type - key2->target_type; | ||
| 195 | if (v) | ||
| 196 | return v; | ||
| 197 | |||
| 198 | v = key1->target_class - key2->target_class; | ||
| 199 | |||
| 200 | return v; | ||
| 191 | } | 201 | } |
| 192 | 202 | ||
| 193 | /* | 203 | /* |