SELinux: deterministic ordering of range transition rules
Range transition rules are placed in the hash table in an (almost)
arbitrary order.  This patch inserts them in a fixed order to make policy
retrieval more predictable.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Eric Paris authored and James Morris committed Oct 20, 2010
1 parent b28efd5 commit 4419aae
Showing 1 changed file with 13 additions and 3 deletions.
16 changes: 13 additions & 3 deletions security/selinux/ss/policydb.c
Expand Up @@ -185,9 +185,19 @@ static u32 rangetr_hash(struct hashtab *h, const void *k)
static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
{
const struct range_trans *key1 = k1, *key2 = k2;
return (key1->source_type != key2->source_type ||
key1->target_type != key2->target_type ||
key1->target_class != key2->target_class);
int v;

v = key1->source_type - key2->source_type;
if (v)
return v;

v = key1->target_type - key2->target_type;
if (v)
return v;

v = key1->target_class - key2->target_class;

return v;
}

/*
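Review bot: In rangetr_cmp(), each `v = key1->X - key2->X;` stores a field difference in an `int`, so the sign is only trustworthy if the difference always fits in a signed int. The field types are not visible in this hunk. If source_type, target_type and target_class are unsigned 32-bit values, two keys that differ by more than INT_MAX will compare with the wrong sign, and the ordering this patch is meant to guarantee would no longer be a consistent total order. Explicit comparisons (return -1 when key1's field is smaller, 1 when it is larger, fall through when equal) avoid the dependence on value ranges. If the subtraction is kept, a short comment stating the assumed upper bound on type and class values would help. The return value also changes meaning from "zero or non-zero" to "negative, zero or positive", so a comment above the function noting that the hash table's insert path relies on the sign would document why the ordering matters. As a minor style point, the last two statements can be collapsed into `return key1->target_class - key2->target_class;`.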