All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] secilc: Fix policy optimization test
@ 2020-05-13 14:43 Petr Lautrbach
  2020-05-13 17:37 ` James Carter
  0 siblings, 1 reply; 3+ messages in thread
From: Petr Lautrbach @ 2020-05-13 14:43 UTC (permalink / raw)
  To: selinux; +Cc: Petr Lautrbach

Commit 692716fc5fd5 ("libsepol/cil: raise default attrs_expand_size to 2") was
reverted and attributes with one type are not expanded anymore.

Fixes:
    ./secilc test/policy.cil
    ./secilc -c 32 -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil
    checkpolicy -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null
    diff test/opt-expected.cil opt-actual.cil
    11a12
    > (typeattribute at01)
    21a23
    > (typeattributeset at01 (tp01))
    25c27,28
    < (allow tp01 self (cl01 (p01a p01b p11a p11b)))
    ---
    > (allow tp01 at01 (cl01 (p11b)))
    > (allow tp01 self (cl01 (p01a p01b p11a)))

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 secilc/test/opt-expected.cil | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/secilc/test/opt-expected.cil b/secilc/test/opt-expected.cil
index 73ac9045f23e..14033f9be4dd 100644
--- a/secilc/test/opt-expected.cil
+++ b/secilc/test/opt-expected.cil
@@ -9,6 +9,7 @@
 (category c01)
 (categoryorder (c01))
 (sensitivitycategory s01 (c01))
+(typeattribute at01)
 (typeattribute at02)
 (boolean b01 false)
 (type tp01)
@@ -19,10 +20,12 @@
 (type tpr3)
 (type tpr4)
 (type tpr5)
+(typeattributeset at01 (tp01))
 (typeattributeset at02 (tp01 tp02))
 (allow at02 tpr1 (cl01 (p01a p01b p11a)))
 (allow at02 tpr3 (cl01 (p01a p01b p11a)))
-(allow tp01 self (cl01 (p01a p01b p11a p11b)))
+(allow tp01 at01 (cl01 (p11b)))
+(allow tp01 self (cl01 (p01a p01b p11a)))
 (allow tp01 tpr1 (cl01 (p11b)))
 (dontaudit at02 tpr2 (cl01 (p01a p01b p11a)))
 (dontaudit at02 tpr4 (cl01 (p01a p01b p11a)))
-- 
2.26.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] secilc: Fix policy optimization test
  2020-05-13 14:43 [PATCH] secilc: Fix policy optimization test Petr Lautrbach
@ 2020-05-13 17:37 ` James Carter
  2020-05-15 13:43   ` Petr Lautrbach
  0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2020-05-13 17:37 UTC (permalink / raw)
  To: Petr Lautrbach; +Cc: SElinux list

On Wed, May 13, 2020 at 10:46 AM Petr Lautrbach <plautrba@redhat.com> wrote:
>
> Commit 692716fc5fd5 ("libsepol/cil: raise default attrs_expand_size to 2") was
> reverted and attributes with one type are not expanded anymore.
>
> Fixes:
>     ./secilc test/policy.cil
>     ./secilc -c 32 -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil
>     checkpolicy -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null
>     diff test/opt-expected.cil opt-actual.cil
>     11a12
>     > (typeattribute at01)
>     21a23
>     > (typeattributeset at01 (tp01))
>     25c27,28
>     < (allow tp01 self (cl01 (p01a p01b p11a p11b)))
>     ---
>     > (allow tp01 at01 (cl01 (p11b)))
>     > (allow tp01 self (cl01 (p01a p01b p11a)))
>
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  secilc/test/opt-expected.cil | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/secilc/test/opt-expected.cil b/secilc/test/opt-expected.cil
> index 73ac9045f23e..14033f9be4dd 100644
> --- a/secilc/test/opt-expected.cil
> +++ b/secilc/test/opt-expected.cil
> @@ -9,6 +9,7 @@
>  (category c01)
>  (categoryorder (c01))
>  (sensitivitycategory s01 (c01))
> +(typeattribute at01)
>  (typeattribute at02)
>  (boolean b01 false)
>  (type tp01)
> @@ -19,10 +20,12 @@
>  (type tpr3)
>  (type tpr4)
>  (type tpr5)
> +(typeattributeset at01 (tp01))
>  (typeattributeset at02 (tp01 tp02))
>  (allow at02 tpr1 (cl01 (p01a p01b p11a)))
>  (allow at02 tpr3 (cl01 (p01a p01b p11a)))
> -(allow tp01 self (cl01 (p01a p01b p11a p11b)))
> +(allow tp01 at01 (cl01 (p11b)))
> +(allow tp01 self (cl01 (p01a p01b p11a)))
>  (allow tp01 tpr1 (cl01 (p11b)))
>  (dontaudit at02 tpr2 (cl01 (p01a p01b p11a)))
>  (dontaudit at02 tpr4 (cl01 (p01a p01b p11a)))
> --
> 2.26.2
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] secilc: Fix policy optimization test
  2020-05-13 17:37 ` James Carter
@ 2020-05-15 13:43   ` Petr Lautrbach
  0 siblings, 0 replies; 3+ messages in thread
From: Petr Lautrbach @ 2020-05-15 13:43 UTC (permalink / raw)
  To: SElinux list; +Cc: James Carter

[-- Attachment #1: Type: text/plain, Size: 2177 bytes --]

On Wed, May 13, 2020 at 01:37:13PM -0400, James Carter wrote:
> On Wed, May 13, 2020 at 10:46 AM Petr Lautrbach <plautrba@redhat.com> wrote:
> >
> > Commit 692716fc5fd5 ("libsepol/cil: raise default attrs_expand_size to 2") was
> > reverted and attributes with one type are not expanded anymore.
> >
> > Fixes:
> >     ./secilc test/policy.cil
> >     ./secilc -c 32 -O -M 1 -f /dev/null -o opt-actual.bin test/opt-input.cil
> >     checkpolicy -b -C -M -o opt-actual.cil opt-actual.bin >/dev/null
> >     diff test/opt-expected.cil opt-actual.cil
> >     11a12
> >     > (typeattribute at01)
> >     21a23
> >     > (typeattributeset at01 (tp01))
> >     25c27,28
> >     < (allow tp01 self (cl01 (p01a p01b p11a p11b)))
> >     ---
> >     > (allow tp01 at01 (cl01 (p11b)))
> >     > (allow tp01 self (cl01 (p01a p01b p11a)))
> >
> > Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
> 
> Acked-by: James Carter <jwcart2@gmail.com>

Applied.

> > ---
> >  secilc/test/opt-expected.cil | 5 ++++-
> >  1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/secilc/test/opt-expected.cil b/secilc/test/opt-expected.cil
> > index 73ac9045f23e..14033f9be4dd 100644
> > --- a/secilc/test/opt-expected.cil
> > +++ b/secilc/test/opt-expected.cil
> > @@ -9,6 +9,7 @@
> >  (category c01)
> >  (categoryorder (c01))
> >  (sensitivitycategory s01 (c01))
> > +(typeattribute at01)
> >  (typeattribute at02)
> >  (boolean b01 false)
> >  (type tp01)
> > @@ -19,10 +20,12 @@
> >  (type tpr3)
> >  (type tpr4)
> >  (type tpr5)
> > +(typeattributeset at01 (tp01))
> >  (typeattributeset at02 (tp01 tp02))
> >  (allow at02 tpr1 (cl01 (p01a p01b p11a)))
> >  (allow at02 tpr3 (cl01 (p01a p01b p11a)))
> > -(allow tp01 self (cl01 (p01a p01b p11a p11b)))
> > +(allow tp01 at01 (cl01 (p11b)))
> > +(allow tp01 self (cl01 (p01a p01b p11a)))
> >  (allow tp01 tpr1 (cl01 (p11b)))
> >  (dontaudit at02 tpr2 (cl01 (p01a p01b p11a)))
> >  (dontaudit at02 tpr4 (cl01 (p01a p01b p11a)))
> > --
> > 2.26.2
> >
> 

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-05-15 13:43 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-13 14:43 [PATCH] secilc: Fix policy optimization test Petr Lautrbach
2020-05-13 17:37 ` James Carter
2020-05-15 13:43   ` Petr Lautrbach

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.