SELinux: deterministic ordering of range transition rules Range transition rules are placed in the hash table in an (almost) arbitrary order. This patch inserts them in a fixed order to make policy retrival more predictable. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>

commit: 4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Wed Oct 13 17:50:14 2010 -0400
committer: James Morris <jmorris@namei.org> Thu Oct 21 10:12:56 2010 +1100
tree: e2f7e4850dc84768f6dd66e38a1454b8e3574714
parent: b28efd54d9d5c8005a29cd8782335beb9daaa32d [diff] [blame]
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index aa5a2fd..97fb0cf 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c

@@ -185,9 +185,19 @@
 static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2)
 {
 	const struct range_trans *key1 = k1, *key2 = k2;
-	return (key1->source_type != key2->source_type ||
-		key1->target_type != key2->target_type ||
-		key1->target_class != key2->target_class);
+	int v;
+
+	v = key1->source_type - key2->source_type;
+	if (v)
+		return v;
+
+	v = key1->target_type - key2->target_type;
+	if (v)
+		return v;
+
+	v = key1->target_class - key2->target_class;
+
+	return v;
 }
 
 /*
commit	4419aae1f4f380a3fba0f4f12ffbbbdf3f267c51	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Wed Oct 13 17:50:14 2010 -0400
committer	James Morris <jmorris@namei.org>	Thu Oct 21 10:12:56 2010 +1100
tree	e2f7e4850dc84768f6dd66e38a1454b8e3574714
parent	b28efd54d9d5c8005a29cd8782335beb9daaa32d [diff] [blame]