v0 Skip role attributes for policy.X

v0 Skip role attributes for policy.X

[Harry Ciao]

Comments
----------
   Role attributes are redundant for policy.X, their destiny has been
   fulfilled in the expand phase when their types.types ebitmap have
   been populated to that of their sub regular roles.

   Deduct the number of role attributes from p_roles.table->nel and
   skip writing them to policy.X.

   (Thanks Steve for pointing this out)


Tests I've done
-----------------
1. Apply the role attribute test patch from Chris, adding a new test_r
   role and calls rpm_run() for it.
   
2. Use the apol tool to analyze what types the test_r role could type with:
   (Since the apol installed on Ubuntu so far only support max version .24,
    we need to setup "policy-version = 24" in semanage.conf)
   
Note: there is no role attributes such as portage/semanage/rpm_roles
      in policy.24

test_r (36 types)
    bootloader_t
    chfn_t
    chkpwd_t
    consoletype_t
    ddclient_t
    depmod_t
    dhcpc_t
    groupadd_t
    hostname_t
    ifconfig_t
    insmod_t
    iptables_t
    ldconfig_t
    load_policy_t
    loadkeys_t
    lvm_t
    netutils_t
    newrole_t
    nscd_t
    pam_t
    passwd_t
    ping_t
    pppd_t
    pptp_t
    prelink_t
    rpm_script_t
    rpm_t
    semanage_t
    setfiles_t
    test_t
    traceroute_t
    tzdata_t
    updpwd_t
    useradd_t
    usernetctl_t
    utempter_t

3. Use the apol tool to anaylze the domain transitions starting from test_t:

   test_t -> rpm_t -> rpm_script_t -> semanage_t -> load_policy_t
                                                 -> setfiles_t

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[v0 PATCH 1/1] Skip writing role attributes for policy.X.

[Harry Ciao]

Role attributes are redundant for policy.X, their destiny has been
fulfilled in the expand phase when their types.types ebitmap have
been populated to that of their sub regular roles.

Deduct the number of role attributes from p_roles.table->nel and
skip writing them to policy.X.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
---
 libsepol/src/write.c |   30 ++++++++++++++++++++++++++++++
 1 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 290e036..30f6f75 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -972,6 +972,14 @@ static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
 
 	role = (role_datum_t *) datum;
 
+	/*
+	 * Role attributes are redundant for policy.X, skip them
+	 * when writing the roles symbol table. Their numbers would
+	 * be deducted in policydb_write().
+	 */
+	if (p->policy_type == POLICY_KERN && role->flavor == ROLE_ATTRIB)
+		return POLICYDB_SUCCESS;
+
 	len = strlen(key);
 	items = 0;
 	buf[items++] = cpu_to_le32(len);
@@ -1795,6 +1803,19 @@ static int type_attr_uncount(hashtab_key_t key __attribute__ ((unused)),
 	return 0;
 }
 
+static int role_attr_uncount(hashtab_key_t key __attribute__ ((unused)),
+			     hashtab_datum_t datum, void *args)
+{
+	role_datum_t *role = datum;
+	uint32_t *p_nel = args;
+
+	if (role->flavor == ROLE_ATTRIB) {
+		/* uncount attribute from total number of roles */
+		(*p_nel)--;
+	}
+	return 0;
+}
+
 /*
  * Write the configuration data in a policy database
  * structure to a policy database binary representation
@@ -1939,6 +1960,15 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
 		    p->policy_type == POLICY_KERN) {
 			hashtab_map(p->symtab[i].table, type_attr_uncount, &buf[1]);
 		}
+
+		/* 
+		 * Another special case when writing role/attribute symbol
+		 * table, role attributes are redundant for policy.X, so
+		 * deduct their numbers from p_roles.table->nel.
+		 */
+		if (i == SYM_ROLES && p->policy_type == POLICY_KERN)
+			hashtab_map(p->symtab[i].table, role_attr_uncount, &buf[1]);
+
 		items = put_entry(buf, sizeof(uint32_t), 2, fp);
 		if (items != 2)
 			return POLICYDB_ERROR;
-- 
1.7.0.4


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [v0 PATCH 1/1] Skip writing role attributes for policy.X.

[Stephen Smalley]

On Fri, 2011-08-12 at 14:18 +0800, Harry Ciao wrote:
> Role attributes are redundant for policy.X, their destiny has been
> fulfilled in the expand phase when their types.types ebitmap have
> been populated to that of their sub regular roles.
> 
> Deduct the number of role attributes from p_roles.table->nel and
> skip writing them to policy.X.
> 
> Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
> ---
>  libsepol/src/write.c |   30 ++++++++++++++++++++++++++++++
>  1 files changed, 30 insertions(+), 0 deletions(-)
> 
> diff --git a/libsepol/src/write.c b/libsepol/src/write.c
> index 290e036..30f6f75 100644
> --- a/libsepol/src/write.c
> +++ b/libsepol/src/write.c
> @@ -972,6 +972,14 @@ static int role_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
>  
>  	role = (role_datum_t *) datum;
>  
> +	/*
> +	 * Role attributes are redundant for policy.X, skip them
> +	 * when writing the roles symbol table. Their numbers would
> +	 * be deducted in policydb_write().
> +	 */
> +	if (p->policy_type == POLICY_KERN && role->flavor == ROLE_ATTRIB)
> +		return POLICYDB_SUCCESS;
> +
>  	len = strlen(key);
>  	items = 0;
>  	buf[items++] = cpu_to_le32(len);
> @@ -1795,6 +1803,19 @@ static int type_attr_uncount(hashtab_key_t key __attribute__ ((unused)),
>  	return 0;
>  }
>  
> +static int role_attr_uncount(hashtab_key_t key __attribute__ ((unused)),
> +			     hashtab_datum_t datum, void *args)
> +{
> +	role_datum_t *role = datum;
> +	uint32_t *p_nel = args;
> +
> +	if (role->flavor == ROLE_ATTRIB) {
> +		/* uncount attribute from total number of roles */
> +		(*p_nel)--;
> +	}
> +	return 0;
> +}
> +
>  /*
>   * Write the configuration data in a policy database
>   * structure to a policy database binary representation
> @@ -1939,6 +1960,15 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
>  		    p->policy_type == POLICY_KERN) {
>  			hashtab_map(p->symtab[i].table, type_attr_uncount, &buf[1]);
>  		}
> +
> +		/* 
> +		 * Another special case when writing role/attribute symbol
> +		 * table, role attributes are redundant for policy.X, so
> +		 * deduct their numbers from p_roles.table->nel.
> +		 */
> +		if (i == SYM_ROLES && p->policy_type == POLICY_KERN)
> +			hashtab_map(p->symtab[i].table, role_attr_uncount, &buf[1]);
> +
>  		items = put_entry(buf, sizeof(uint32_t), 2, fp);
>  		if (items != 2)
>  			return POLICYDB_ERROR;

Looks like this is wrong for type attributes as well, but shouldn't we
uncount the attributes before we convert endianness?  

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: [v0 PATCH 1/1] Skip writing role attributes for policy.X.

[HarryCiao]

[-- Attachment #1: Type: text/plain, Size: 605 bytes --]


Hi Stephen,

> 
> Looks like this is wrong for type attributes as well, but shouldn't we
> uncount the attributes before we convert endianness?  
>

Yep, you are right! I think we should uncount attributes number first then convert endianness.

I will send v1 patch to fix this. Thanks!

Best regards,
Harry
 
> -- 
> Stephen Smalley
> National Security Agency
> 
> 
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
 		 	   		  

[-- Attachment #2: Type: text/html, Size: 933 bytes --]