From: Daniel Wagner <daniel.wag...@bmw-carit.de>

Hi,

I reworked this series completely in order to address various
shortcomings of the previous version.

  session_policy_local: Do not handle small allocation

Patch #1 is the same as in v0 and it updates session_policy_local to
the new policy of not trying to handle the small allocation errors. The
upside is that the code paths get simpler to read, especially with the
interaction between session core and the plugin.

  session_policy_local: Refactor SELinux context parser

Patch #2 has changed slightly from v0. It does not check if
the token array length is long enough. Also it does not unnecessarily
strdup the context string.

  session_policy_local: Update session before unref policy

Patch #3 is new and fixes the update logic. Just update the session
core before unrefing the policy object. This patch prepares the
next patch.

[PATCH v0 04/11] session_policy_local: Print warning if loading of policy fails

This patch has been dropped because later in the series we will
remove this feature completely.

  session_policy_local: Add some more debug infos

The new patch #4 was in v0 patch #5 and is still the same. Now the 
new stuff starts.

  session_policy_local: Move load_[keyfile|policy] up

With this patch we just move those two functions up so we can use
them in the following patches with forward declarations.

  session_policy_local: Attach policy directly to session

This patch moves the ownership of a policy object to a session object.
That makes a lot of things easier with regard to lifetime management.
We also stop loading all files in memory even though we have no session
running.

  session_policy_local: Remove struct create_data

With the owner change we can get rid of this temporary data structure.

  session_policy_local: Retrieve UID/GID from session user

This patch finally adds UID/GID support to a session.
The main difference to the previous version is that we now support
all GIDs which belong to a UID. Also we differentiate between
UID and GID by prefixing the files. So a file which starts
with 'uid_' is matched against the UID, respectively 'gid_' against
GIDs. The LSM context is prefixed with 'lsm_'.

  session-test: Add tests for session_policy_local

And here we have a simple test for the above.

All patches also available here:

https://github.com/bmwcarit/connman/tree/secmark-v5

BTW: you might want to look at the following change in order
to see how the final result looks:

https://github.com/bmwcarit/connman/commit/e6d3e72b1c3ce34d232edb33ea7d4679e718f908

cheers,
daniel

Daniel Wagner (9):
  session_policy_local: Do not handle small allocation
  session_policy_local: Refactor SELinux context parser
  session_policy_local: Update session before unref policy
  session_policy_local: Add some more debug infos
  session_policy_local: Move load_[keyfile|policy] up
  session_policy_local: Attach policy directly to session
  session_policy_local: Remove struct create_data
  session_policy_local: Retrieve UID/GID from session user
  session-test: Add tests for session_policy_local

 plugins/session_policy_local.c | 510 ++++++++++++++++++++++-------------------
 tools/session-test.c           | 156 +++++++++++++
 2 files changed, 424 insertions(+), 242 deletions(-)

-- 
1.8.2.rc3.16.gce432ca
