* review of a dbus-selinux patch
@ 2013-11-04 15:26 Colin Walters
  2013-11-04 17:06 ` Stephen Smalley
  0 siblings, 1 reply; 4+ messages in thread
From: Colin Walters @ 2013-11-04 15:26 UTC (permalink / raw)
  To: selinux

Hi,

Does anyone have comments on:
https://bugs.freedesktop.org/show_bug.cgi?id=71187

We expect people to be able to change major policy types without
recompiling userspace, correct?

The patch makes sense to me (just needs some style fixups per smcv's
comments).  However, from a quick look at the X.org xselinux code, it
looks like it also hardcodes e.g. SECCLASS_X_DRAWABLE; we'd need
a similar change there, right?




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: review of a dbus-selinux patch
  2013-11-04 15:26 review of a dbus-selinux patch Colin Walters
@ 2013-11-04 17:06 ` Stephen Smalley
  2013-11-07 19:57   ` Colin Walters
  0 siblings, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2013-11-04 17:06 UTC (permalink / raw)
  To: Colin Walters; +Cc: selinux

On 11/04/2013 10:26 AM, Colin Walters wrote:
> Hi,
> 
> Does anyone have comments on:
> https://bugs.freedesktop.org/show_bug.cgi?id=71187
> 
> We expect people to be able to change major policy types without
> recompiling userspace, correct?
> 
> The patch makes sense to me (just needs some style fixups per smcv's
> comments).  However, from a quick look at the X.org xselinux code, it
> looks like it also hardcodes e.g. SECCLASS_X_DRAWABLE; we'd need
> a similar change there, right?

XSELinux correctly uses selinux_set_mapping() so that libselinux
internally creates a mapping from arbitrary class/perm indices used by
XSELinux and the policy values and handles all of the translation at
runtime on avc_has_perm() calls.

dbusd can either do the same thing or it can start using
selinux_check_access() instead of directly calling the AVC at all.  Then
all of the SID/context, class, and perm lookups and AVC setup/usage is
transparent to the application, at some potential runtime overhead cost
(but doubt it is significant).  Same topic came up recently for
glibc/nscd (subject:  Handling unknown permissions in userspace object
managers).




* Re: review of a dbus-selinux patch
  2013-11-04 17:06 ` Stephen Smalley
@ 2013-11-07 19:57   ` Colin Walters
  2013-11-07 20:44     ` Stephen Smalley
  0 siblings, 1 reply; 4+ messages in thread
From: Colin Walters @ 2013-11-07 19:57 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: selinux


On Mon, 2013-11-04 at 12:06 -0500, Stephen Smalley wrote:

> XSELinux correctly uses selinux_set_mapping() so that libselinux
> internally creates a mapping from arbitrary class/perm indices used by
> XSELinux and the policy values and handles all of the translation at
> runtime on avc_has_perm() calls.

Ok, I see how this works now.  It was not obvious at all to me initially
that the order of the #defines in XSELinux had to correspond to the
security_class_mapping struct array.

But then I only discovered while writing a patch to document
selinux_set_mapping() that there are man pages now for the libselinux
API, and I guess the docs in the headers are not really used anymore?

Anyways I attached the patch...maybe it'll be useful.


[-- Attachment #2: 0001-selinux_set_mapping-Document-it.patch --]
[-- Type: text/x-patch, Size: 0 bytes --]



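To make the mechanism Stephen describes (and the ordering Colin notes in his reply) concrete, here is an added example, not code from this thread, from dbus, XSELinux or libselinux. It reproduces the two steps libselinux performs for an object manager: selinux_set_mapping() resolving every class and permission name in the object manager's table against the loaded policy, and the per-call translation avc_has_perm() then applies. The struct security_class_mapping is declared locally in the same shape as the one in <selinux/avc.h> so the file builds without libselinux; the two "policies" are constructed stand-ins for what string_to_security_class() and string_to_av_perm() would return, and the fail-closed handling of a missing class or permission is this example's choice, not libselinux's (which follows the policy's handle_unknown setting). The point it demonstrates: the same compiled SECCLASS_*/X_*__* constants resolve correctly against two policies that number the classes and permissions differently, because the local value is only an index into the table, and the table's order is what the #defines must match.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same shape as struct security_class_mapping in <selinux/avc.h>; declared
 * locally (assumption) so this example builds without libselinux. */
typedef uint32_t access_vector_t; typedef uint16_t security_class_t;
struct security_class_mapping { const char *name; const char *perms[sizeof(access_vector_t) * 8 + 1]; };

/* Compile-time numbering as an object manager #defines it: class N is
 * map[N-1], permission k of that class is bit 1<<k. No policy value here. */
enum { SECCLASS_X_DRAWABLE = 1, SECCLASS_X_PROPERTY = 2 };
#define X_DRAWABLE__READ  0x1u
#define X_DRAWABLE__WRITE 0x2u
#define X_PROPERTY__READ  0x1u
static const struct security_class_mapping map[] = {
    { "x_drawable", { "read", "write", "destroy", NULL } },
    { "x_property", { "read", "write", NULL } },
    { NULL, { NULL } }
};

/* Constructed stand-ins for the loaded policy's class/perm tables; real
 * libselinux uses string_to_security_class()/string_to_av_perm() instead. */
struct policy_perm  { const char *name; access_vector_t bit; };
struct policy_class { const char *name; security_class_t value; struct policy_perm perms[4]; };
struct policy       { const char *label; struct policy_class classes[3]; };
static const struct policy policy_a = { "policy A", {
    { "x_drawable", 7, { {"read", 0x1}, {"write", 0x2}, {"destroy", 0x4}, {NULL, 0} } },
    { "x_property", 9, { {"read", 0x1}, {"write", 0x2}, {NULL, 0} } },
    { NULL, 0, { {NULL, 0} } } } };
/* Same names, different numbers: a rebuilt policy as seen from userspace. */
static const struct policy policy_b = { "policy B", {
    { "x_property", 3,  { {"write", 0x1}, {"read", 0x2}, {NULL, 0} } },
    { "x_drawable", 12, { {"destroy", 0x1}, {"read", 0x2}, {"write", 0x4}, {NULL, 0} } },
    { NULL, 0, { {NULL, 0} } } } };

struct resolved { security_class_t value; access_vector_t perms[32]; unsigned nperms; };
static struct resolved current[8];   /* current[0] unused; local classes start at 1 */
static unsigned ncurrent;

static const struct policy_class *find_class(const struct policy *p, const char *name) {
    for (const struct policy_class *c = p->classes; c->name; c++)
        if (strcmp(c->name, name) == 0) return c;
    return NULL;
}

static access_vector_t find_perm(const struct policy_class *c, const char *name) {
    for (const struct policy_perm *pp = c->perms; pp->name; pp++)
        if (strcmp(pp->name, name) == 0) return pp->bit;
    return 0;
}

/* The selinux_set_mapping() step: resolve every name in map[] by name. Fails
 * closed on a missing class or permission (this example's choice; libselinux
 * follows the policy's handle_unknown setting, which is not modelled here). */
static int set_mapping(const struct policy *p) {
    memset(current, 0, sizeof current);
    ncurrent = 0;
    for (unsigned i = 0; map[i].name; i++) {
        if (i + 1 >= sizeof current / sizeof current[0]) return -1;
        const struct policy_class *c = find_class(p, map[i].name);
        if (!c) return -1;
        struct resolved *r = &current[i + 1];
        r->value = c->value;
        for (unsigned k = 0; map[i].perms[k]; k++) {
            r->perms[k] = find_perm(c, map[i].perms[k]);
            if (!r->perms[k]) return -1;
            r->nperms = k + 1;
        }
        ncurrent = i + 1;
    }
    return 0;
}

/* The translation done on every avc_has_perm() call once a mapping is set:
 * local (class, perm bits) -> policy (class, access vector). */
static int map_request(security_class_t tclass, access_vector_t requested,
                       security_class_t *pclass, access_vector_t *pav) {
    if (tclass == 0 || tclass > ncurrent) return -1;
    const struct resolved *r = &current[tclass];
    if (r->nperms < 32 && (requested >> r->nperms)) return -1;  /* bit has no name in map[] */
    *pclass = r->value;
    *pav = 0;
    for (unsigned k = 0; k < r->nperms; k++)
        if (requested & (1u << k)) *pav |= r->perms[k];
    return 0;
}

int main(void) {
    const struct policy *ps[] = { &policy_a, &policy_b };
    for (unsigned i = 0; i < 2; i++) {
        security_class_t pc; access_vector_t av;
        if (set_mapping(ps[i]) || map_request(SECCLASS_X_DRAWABLE,
                X_DRAWABLE__READ | X_DRAWABLE__WRITE, &pc, &av)) return 1;
        printf("%s: x_drawable{read,write} -> class %u, av 0x%x\n",
               ps[i]->label, (unsigned)pc, (unsigned)av);
    }
    return 0;
}
```

Against policy A the request maps to class 7, access vector 0x3; against policy B, to class 12, access vector 0x6, with no change to the compiled constants. A request bit that has no name in the table (0x8 for x_drawable here) is rejected rather than silently dropped, which is the case an object manager has to think about when it adds a permission before the policy does. The alternative Stephen mentions, selinux_check_access(scon, tcon, "x_drawable", "read", auditdata) from libselinux, takes the class and permission as strings and does these lookups itself on each call, so an application using it needs no table at all.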

* Re: review of a dbus-selinux patch
  2013-11-07 19:57   ` Colin Walters
@ 2013-11-07 20:44     ` Stephen Smalley
  0 siblings, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2013-11-07 20:44 UTC (permalink / raw)
  To: Colin Walters; +Cc: selinux

On 11/07/2013 02:57 PM, Colin Walters wrote:
> On Mon, 2013-11-04 at 12:06 -0500, Stephen Smalley wrote:
> 
>> XSELinux correctly uses selinux_set_mapping() so that libselinux
>> internally creates a mapping from arbitrary class/perm indices used by
>> XSELinux and the policy values and handles all of the translation at
>> runtime on avc_has_perm() calls.
> 
> Ok, I see how this works now.  It was not obvious at all to me initially
> that the order of the #defines in XSELinux had to correspond to the
> security_class_mapping struct array.
> 
> But then I only discovered while writing a patch to document
> selinux_set_mapping() that there are man pages now for the libselinux
> API, and I guess the docs in the headers are not really used anymore?
> 
> Anyways I attached the patch...maybe it'll be useful.

Applied on #next.



