Re: [RFC & PATCH] inherited type definition.

[KaiGai Kohei <kaigai@kaigai.gr.jp>]

[-- Attachment #1: Type: text/plain, Size: 2526 bytes --]

Hi,

Yesterday, I posted a patch that implements "TYPE ... EXTENDS ..." statement.
But, I noticed this patch can't be applied to latest checkpolicy-1.22.

So, I modified the inherited type definition patch for latest checkpolicy.
There is no differences on functionality and compatibility.

Thanks, any comments please.

KaiGai Kohei wrote:
> Hello,
> This attached patch provids a new syntax extension to checkpolicy.
> This makes it possible to describe a definition of type which inherit
> access vectors of parent's types/attributes.
> 
> Syntax:
> TYPE <type> [ALIAS <aliases>] EXTENDS <type/attr>, <type/attr>, ... ;
> 
> The basical idea is like attribute, but 'EXTENDS' has those differences as follows:
> - It can inherit other types, not only attribute.
> - It can describe multi-layer inheritance tree of type.
> 
> Currently, when we try to define a type like another type, we must describe a new
> type from a scratch for tiny difference.  For example, if we want a new type
> 'ext_user_t' which is permitted all access vectors for user_t and a tiny additional
> access vectors, we must describe all of the user_t's access vectors and some of
> original allow-statements.
> 
> When you use EXTENDS extension, only what you describe are a type definition
> with EXTENDS statement and some original allow-statements.
> 
> [Simple Example]
> type subject_t;
> type parent_t;
> type child_t extends parent_t;
> type grandchild_t extends child_t;
> type stranger_t;
> 
> In this case, there are five types for explanation.
> - "allow subject_t child_t:XXX XXX;" means "allow subject_t {child_t grandchild_t}:XXX XXX".
> - "allow parent_t child_t:XXX XXX;" means "allow {parent_t child_t grandchild_t} {child_t grandchild_t}:XXX XXX"
> - "allow subject_t ~parent_t:XXX XXX" means "allow subject_t stranger_t:XXX XXX".
>   child_t and grandchild_t are not included in ~parent_t, because its ancestor is parent_t.
> - "allow child_t self:XXX XXX" means "allow child_t child_t:XXX XXX",
>   "allow child_t grandchild_t:XXX XXX" and "allow grandchild_t grandchild_t:XXX XXX".
> 
> An access vector granted to parent-type is inherited to child and grandchild.
> We must pay attention to '~' and 'self'.
> When we use '~', that means the reverse of the type and its children.
> When we use 'self', that means the type and its children.
> 
> Thanks, any comments please.
> # This is a personal work, but would you Cc: 'kaigai@ak.jp.nec.com' for useful ?

-- 
DO NOTHING IS THE WORST POLICY.
KaiGai Kohei <kaigai@kaigai.gr.jp>

[-- Attachment #2: checkpolicy-1.22-type_extends.patch --]
[-- Type: text/plain, Size: 12634 bytes --]

--- checkpolicy-1.22/policy_scan.l	2005-02-17 09:59:23.000000000 -0500
+++ checkpolicy-1.22.extends/policy_scan.l	2005-03-14 20:37:54.000000000 -0500
@@ -78,6 +78,8 @@ ELSE |
 else				{ return(ELSE); }
 ALIAS |
 alias				{ return(ALIAS); }
+EXTENDS |
+extends				{ return(EXTENDS); }
 ATTRIBUTE |
 attribute			{ return(ATTRIBUTE); }
 TYPE_TRANSITION |
--- checkpolicy-1.22/checkpolicy.h	2005-01-26 14:16:20.000000000 -0500
+++ checkpolicy-1.22.extends/checkpolicy.h	2005-03-14 20:40:12.000000000 -0500
@@ -18,4 +18,16 @@ te_assert_t *te_assertions;
 extern unsigned int policyvers;
 extern unsigned int mlspol;
 
+/* type was not indexed in policydb,
+   but it's necessary for extends support. */
+extern type_datum_t **type_val_to_struct;
+extern int num_type_val_to_struct;
+extern void get_child_types(ebitmap_t *set, type_datum_t *t, int depth);
+
+static inline type_datum_t *get_type(int typeval) {
+	if (!type_val_to_struct || typeval<1 || typeval>num_type_val_to_struct)
+		return NULL;
+	return type_val_to_struct[typeval-1];
+}
+
 #endif
--- checkpolicy-1.22/checkpolicy.c	2005-01-26 14:16:20.000000000 -0500
+++ checkpolicy-1.22.extends/checkpolicy.c	2005-03-14 20:37:54.000000000 -0500
@@ -344,6 +344,8 @@ void check_assertion_helper(unsigned int
 
 void check_assertions(void) 
 {
+	ebitmap_t temp;
+	type_datum_t *typedatum;
 	te_assert_t *a, *tmp;
 	unsigned int i, j;
 
@@ -353,7 +355,19 @@ void check_assertions(void) 
 			if (!ebitmap_get_bit(&a->stypes, i))
 				continue;
 			if (a->self) {
-				check_assertion_helper(i, i, &a->tclasses, a->avp, a->line);
+				typedatum = type_val_to_struct[i];
+				if (!typedatum) {
+					fprintf(stderr, "BUG: check_assetion for undefined type.\n");
+					exit(1);
+				}
+				ebitmap_init(&temp);
+				get_child_types(&temp, typedatum, 0);
+				for (j = ebitmap_startbit(&temp); j < ebitmap_length(&temp); j++) {
+					if (!ebitmap_get_bit(&temp, j))
+						continue;
+					check_assertion_helper(i, j, &a->tclasses, a->avp, a->line);
+				}
+				ebitmap_destroy(&temp);
 			}
 			for (j = ebitmap_startbit(&a->ttypes); j < ebitmap_length(&a->ttypes); j++) {
 				if (!ebitmap_get_bit(&a->ttypes, j)) 
@@ -442,6 +456,41 @@ int change_bool(char *name, int state)
 	return 0;
 }
 
+type_datum_t **type_val_to_struct = NULL;
+int num_type_val_to_struct = -1;
+
+static int type_val_to_struct_helper(hashtab_key_t k, hashtab_datum_t d, void *args)
+{
+	type_datum_t *t = (type_datum_t *)d;
+	if (!t->isattr && t->primary)
+		type_val_to_struct[t->value-1] = t;
+	return 0; /* always success */
+}
+
+void get_child_types(ebitmap_t *set, type_datum_t *td, int depth)
+{
+	type_datum_t *child;
+	int i;
+
+	if (td->isattr && depth>0) {
+		fprintf(stderr, "BUG: an attribute must not inherit anyone.\n");
+		exit(1);
+	}
+
+	if (!td->isattr && !td->primary)
+		td = get_type(td->value);
+
+	if (!td->isattr)
+		ebitmap_set_bit(set, td->value - 1, 1);
+
+	for (i = ebitmap_startbit(&td->types); i < ebitmap_length(&td->types); i++) {
+		if (ebitmap_get_bit(&td->types, i)) {
+			child = type_val_to_struct[i];
+			get_child_types(set, child, depth + 1);
+		}
+	}
+}
+
 int main(int argc, char **argv)
 {
 	security_class_t tclass;
@@ -456,7 +505,7 @@ int main(int argc, char **argv)
 	unsigned int binary = 0, debug = 0;
 	struct val_to_name v;
 	int ret, ch, fd;
-	unsigned int nel;
+	unsigned int nel, len;
 	struct stat sb;
 	void *map;
 	FILE *outfp = NULL;
@@ -593,6 +642,18 @@ int main(int argc, char **argv)
 			fprintf(stderr, "%s:  error(s) encountered while parsing configuration\n", argv[0]);
 			exit(1);
 		}
+
+		/* construction of type_val_to_struct */
+		num_type_val_to_struct = policydbp->p_types.nprim;
+		len = sizeof(type_datum_t *) * num_type_val_to_struct;
+		type_val_to_struct = (type_datum_t **)malloc(len);
+		if (!type_val_to_struct) {
+			fprintf(stderr, "type_val_to_struct: out of memory\n");
+			exit(1);
+		}
+		memset(type_val_to_struct, 0, len);
+		hashtab_map(policydbp->p_types.table, type_val_to_struct_helper, NULL);
+
 		rewind(yyin);
 		policydb_lineno = 1;
 		source_file[0] = '\0';
--- checkpolicy-1.22/policy_parse.y	2005-02-17 09:59:23.000000000 -0500
+++ checkpolicy-1.22.extends/policy_parse.y	2005-03-14 20:46:25.000000000 -0500
@@ -19,6 +19,11 @@
  *	the Free Software Foundation, version 2.
  */
 
+/* Updated: KaiGai Kohei, <kaigai@ak.jp.nec.com>
+ *      Added inherited type extensions. (2005/03/13)
+ */
+
+
 /* FLASK */
 
 %{
@@ -73,7 +78,7 @@ static int define_level(int range);
 static int define_attrib(void);
 static int define_typealias(void);
 static int define_typeattribute(void);
-static int define_type(int alias);
+static int define_type(int alias, int extends);
 static int define_compute_type(int which);
 static int define_te_avtab(int which);
 static int define_role_types(void);
@@ -133,6 +138,7 @@ static int define_ipv6_node_context(void
 %token TYPE
 %token TYPES
 %token ALIAS
+%token EXTENDS
 %token ATTRIBUTE
 %token BOOL
 %token IF
@@ -297,9 +303,13 @@ attribute_def           : ATTRIBUTE iden
                         { if (define_attrib()) return -1;}
                         ;
 type_def		: TYPE identifier alias_def opt_attr_list ';'
-                        {if (define_type(1)) return -1;}
+                        {if (define_type(1, 0)) return -1;}
 	                | TYPE identifier opt_attr_list ';'
-                        {if (define_type(0)) return -1;}
+                        {if (define_type(0, 0)) return -1;}
+			| TYPE identifier alias_def opt_extends_list ';'
+			{if (define_type(1, 1)) return -1;}
+			| TYPE identifier opt_extends_list ';'
+			{if (define_type(0, 1)) return -1;}
     			;
 typealias_def           : TYPEALIAS identifier alias_def ';'
 			{if (define_typealias()) return -1;}
@@ -310,6 +320,8 @@ typeattribute_def	: TYPEATTRIBUTE identi
 opt_attr_list           : ',' id_comma_list
 			| 
 			;
+opt_extends_list	: EXTENDS id_comma_list
+			;
 bool_def                : BOOL identifier bool_val ';'
                         {if (define_bool()) return -1;}
                         ;
@@ -1529,13 +1541,11 @@ static int define_typealias(void)
 		if (ret == HASHTAB_PRESENT) {
 			sprintf(errormsg, "name conflict for type alias %s", id);
 			yyerror(errormsg);
-			free(aliasdatum);
 			free(id);
 			return -1;
 		}
 		if (ret == HASHTAB_OVERFLOW) {
 			yyerror("hash table overflow");
-			free(aliasdatum);
 			free(id);
 			return -1;
 		}
@@ -1596,10 +1606,10 @@ static int define_typeattribute(void)
 	return 0;
 }
 
-static int define_type(int alias)
+static int define_type(int alias, int extends)
 {
 	char *id;
-	type_datum_t *datum, *aliasdatum, *attr;
+	type_datum_t *datum, *aliasdatum, *inherit;
 	int ret, newattr = 0;
 
 
@@ -1663,13 +1673,11 @@ static int define_type(int alias)
 			if (ret == HASHTAB_PRESENT) {
 				sprintf(errormsg, "name conflict for type alias %s", id);
 				yyerror(errormsg);
-				free(aliasdatum);
 				free(id);
 				return -1;
 			}
 			if (ret == HASHTAB_OVERFLOW) {
 				yyerror("hash table overflow");
-				free(aliasdatum);
 				free(id);
 				return -1;
 			}
@@ -1677,9 +1685,10 @@ static int define_type(int alias)
 	}
 
 	while ((id = queue_remove(id_queue))) {
-		attr = hashtab_search(policydbp->p_types.table, id);
-		if (!attr) {
-			sprintf(errormsg, "attribute %s is not declared", id);
+		inherit = hashtab_search(policydbp->p_types.table, id);
+		if (!inherit) {
+			sprintf(errormsg, "%sattribute %s is not declared",
+			        (extends)?"type/":"", id);
 #if 1
 			/* treat it as a fatal error */
 			yyerror(errormsg);
@@ -1708,7 +1717,7 @@ static int define_type(int alias)
 			newattr = 0;
 		}
 
-		if (!attr->isattr) {
+		if (!extends && !inherit->isattr) {
 			sprintf(errormsg, "%s is a type, not an attribute", id);
 			yyerror(errormsg);
 			return -1;
@@ -1717,7 +1726,7 @@ static int define_type(int alias)
 		if (!newattr)
 			free(id);
 
-		ebitmap_set_bit(&attr->types, datum->value - 1, TRUE);
+		ebitmap_set_bit(&inherit->types, datum->value - 1, TRUE);
 	}
 
 	return 0;
@@ -1756,7 +1765,6 @@ static char *type_val_to_name(unsigned i
 	return NULL;
 }
 
-
 static int set_types(ebitmap_t *set,
 		     ebitmap_t *negset,
 		     char *id,
@@ -1764,6 +1772,7 @@ static int set_types(ebitmap_t *set,
 {
 	type_datum_t *t;
 	unsigned int i;
+	ebitmap_t temp;
 
 	if (strcmp(id, "*") == 0) {
 		/* set all types not in negset */
@@ -1801,41 +1810,25 @@ static int set_types(ebitmap_t *set,
 		return -1;
 	}
 
-	if (t->isattr) {
-		/* set or clear all types with this attribute,
-		   but do not set anything explicitly cleared previously */
-		for (i = ebitmap_startbit(&t->types); i < ebitmap_length(&t->types); i++) {
-			if (!ebitmap_get_bit(&t->types, i)) 
-				continue;		
-			if (!(*add)) {
-				ebitmap_set_bit(set, i, FALSE);
-				ebitmap_set_bit(negset, i, TRUE);
-			} else if (!ebitmap_get_bit(negset, i)) {
-				ebitmap_set_bit(set, i, TRUE);
-#if VERBOSE
-			} else {
-				char *name = type_val_to_name(i+1);
-				sprintf(errormsg, "ignoring %s due to prior -%s", name, name);
-				yywarn(errormsg);
-#endif
-			}
-		}
-	} else {
-		/* set or clear one type, but do not set anything
-		   explicitly cleared previously */	
+	ebitmap_init(&temp);
+	get_child_types(&temp, t, 0);
+	for (i = ebitmap_startbit(&temp); i < ebitmap_length(&temp); i++) {
+		if (!ebitmap_get_bit(&temp, i))
+			continue;
 		if (!(*add)) {
-			ebitmap_set_bit(set, t->value - 1, FALSE);
-			ebitmap_set_bit(negset, t->value - 1, TRUE);
-		} else if (!ebitmap_get_bit(negset, t->value - 1)) {
-			ebitmap_set_bit(set, t->value - 1, TRUE);
+			ebitmap_set_bit(set, i, FALSE);
+			ebitmap_set_bit(negset, i, TRUE);
+		} else if (!ebitmap_get_bit(negset, i)) {
+			ebitmap_set_bit(set, i, TRUE);
 #if VERBOSE
 		} else {
-			sprintf(errormsg, "ignoring %s due to prior -%s", id, id);
+			char *name = type_val_to_name(i+1);
+			sprintf(errormsg, "ignoring %s due to prior -%s", name, name);
 			yywarn(errormsg);
 #endif
 		}
 	}
-
+	ebitmap_destroy(&temp);
 	free(id);
 	*add = 1;
 	return 0;
@@ -2419,7 +2412,8 @@ static cond_av_list_t *define_cond_te_av
 	cond_av_list_t *sub_list, *final_list, *tail;
 	class_datum_t *cladatum;
 	perm_datum_t *perdatum;
-	ebitmap_t stypes, ttypes, tclasses, negset;
+	type_datum_t *typedatum;
+	ebitmap_t stypes, ttypes, tclasses, temp, negset;
 	access_vector_t *avp;
 	int i, j, hiclass, self = 0, add = 1;
 	int suppress = 0;
@@ -2543,18 +2537,31 @@ static cond_av_list_t *define_cond_te_av
 			if (!ebitmap_get_bit(&stypes, i)) 
 				continue;
 			if (self) {
-				if ((sub_list = cond_te_avtab_helper(which, i, i, &tclasses, avp )) == COND_ERR)
+				typedatum = get_type(i+1);
+				if (!typedatum)
 					return COND_ERR;
-				if (final_list) {
-					tail->next = sub_list;
-					while (tail->next != NULL)
-						tail = tail->next;
-				} else {
-					final_list = sub_list;
-					tail = final_list;
-					while (tail->next != NULL)
-						tail = tail->next;
+				ebitmap_init(&temp);
+				get_child_types(&temp, typedatum, 0);
+				for (j = ebitmap_startbit(&temp); j < ebitmap_length(&temp); j++) {
+					if(!ebitmap_get_bit(&temp, j))
+						continue;
+					sub_list = cond_te_avtab_helper(which, i, j, &tclasses, avp );
+					if (sub_list==COND_ERR) {
+						ebitmap_destroy(&temp);
+						return COND_ERR;
+					}
+					if (final_list) {
+						tail->next = sub_list;
+						while (tail->next != NULL)
+							tail = tail->next;
+					} else {
+						final_list = sub_list;
+						tail = final_list;
+						while (tail->next != NULL)
+							tail = tail->next;
+					}
 				}
+				ebitmap_destroy(&temp);
 			}
 		}
 	}
@@ -2595,7 +2602,8 @@ static int define_te_avtab(int which)
 	char *id;
 	class_datum_t *cladatum;
 	perm_datum_t *perdatum;
-	ebitmap_t stypes, ttypes, tclasses, negset;
+	type_datum_t *typedatum;
+	ebitmap_t stypes, ttypes, tclasses, temp, negset;
 	access_vector_t *avp;
 	unsigned int i, j, hiclass;
 	int self = 0, add = 1;
@@ -2735,8 +2743,20 @@ static int define_te_avtab(int which)
 		if (!ebitmap_get_bit(&stypes, i)) 
 			continue;
 		if (self) {
-			if (te_avtab_helper(which, i, i, &tclasses, avp))
+			typedatum = get_type(i+1);
+			if (!typedatum)
 				return -1;
+			ebitmap_init(&temp);
+			get_child_types(&temp, typedatum, 0);
+			for (j = ebitmap_startbit(&temp); j < ebitmap_length(&temp); j++) {
+				if (!ebitmap_get_bit(&temp, j))
+					continue;
+				if (te_avtab_helper(which, i, j, &tclasses, avp)) {
+					ebitmap_destroy(&temp);
+					return -1;
+				}
+			}
+			ebitmap_destroy(&temp);
 		}
 		for (j = ebitmap_startbit(&ttypes); j < ebitmap_length(&ttypes); j++) {
 			if (!ebitmap_get_bit(&ttypes, j))