From: Daniel J Walsh <Dan-Walsh@comcast.net>
To: Stephen Smalley <sds@epoch.ncsc.mil>, SELinux <SELinux@tycho.nsa.gov>
Subject: Category Translation patch for MCS/MLS Policy
Date: Fri, 05 Aug 2005 12:02:48 -0400 [thread overview]
Message-ID: <42F38DA8.4090300@comcast.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 2196 bytes --]
I have written up a patch for libselinux to implement two functions, to
translate the security level.
getselevelbyname
getselevelbysename
setransconlevel
These functions try to dlopen a libsetrans and call the equivalent
functions in this library.
Currently the patch only changes the *getfilecon function calls to use
these translations.
I have also attached a libsetrans-0.1.0-src.rpm which would be the
translation library for MCS.
I am not sure if a similar library was proposed by TCS or not, I can
not find it. This is a lot simpler than
what Ivan proposed last week.
Manipulation of securitylevel is to be done by the provider of the
translation library (setrans). So that a MLS environment
can use the Mitre library to translate, while MCS can use much simpler
algorithms.
My demo libsetrans does the following
* If Security level is S0, remove security level all together. I don't
want users seeing this, since it is pretty useless information.
It would be nice to get rid of "object_r" also since it takes up
terminal space and supplies Zero information.
* If a file has a security context other than S0, strip SO: off of it
and pass it to the translation function calls.
Currently these calls only take a single category.
* If there is no translation it returns the category.
The categories in MCS are currently just loaded from a flat file
/etc/selinux/category.conf.
c1=Medical Records
c2=Top Secret
c3=Company Confidential
Eventually this will be configurable so this data could come from an
ldap server, maybe it could be rolled into nsswitch.
Example output (libselinux has sensivity level s0, install.log.syslog
has s0:c2)
ls -lZ /root
-rw------- root root root:object_r:user_home_t:Top Secret
anaconda-ks.cfg
-rw-r--r-- root root root:object_r:tmp_t:Medical Records dan
-rw-r--r-- root root root:object_r:user_home_t:Top Secret
install.log
-rw-r--r-- root root root:object_r:user_home_t:c4
install.log.syslog
-rw-r--r-- root root root:object_r:user_home_t
libselinux-1.24.2-2.src.rpm
Comments?
Did I reimplement something that others already implemented? Is this
what people expect?
[-- Attachment #2: libselinux-rhat.patch --]
[-- Type: text/x-patch, Size: 7728 bytes --]
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.24.2/include/selinux/setrans.h
--- nsalibselinux/include/selinux/setrans.h 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.24.2/include/selinux/setrans.h 2005-08-05 09:56:54.000000000 -0400
@@ -0,0 +1,27 @@
+#ifndef _SETRANS_H_
+#define _SETRANS_H_
+
+#include <selinux/selinux.h>
+
+/* Define data structures */
+typedef struct selevel {
+ char* name;
+ char* sename;
+} selevel_t;
+
+/* Category data structure */
+/* Data returned from the getselevel functions must be freed using freelevel */
+
+/* Get Security Level translation struct via internal Name */
+extern struct selevel *getselevelbyname(const char *name);
+
+/* Get Security Level translation struct via external Name */
+extern struct selevel *getselevelbysename( const char* sename);
+
+/* Function used to free data returned via getselevel functions */
+extern void freeselevel( selevel_t *level);
+
+/* Translate security context, into exernal representation */
+extern char *setransconlevel(const security_context_t con);
+
+#endif
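Review bot: The comment above the declarations says returned data "must be freed using freelevel", but the function declared below is `freeselevel`; fix the name so callers do not look for a symbol that does not exist. The `setransconlevel` comment should also carry the ownership contract its implementation in setrans.c gives it: it returns a newly allocated string (built with strdup) that the caller must free, and it returns NULL on failure, e.g. `/* Translate a security context into its external representation; returns a malloc'd string the caller frees, or NULL on failure */`. `getselevelbyname`/`getselevelbysename` are declared here as `struct selevel *` while setrans.c defines them as `selevel_t *`; using one spelling in both keeps the header consistent with the implementation.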
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.24.2/man/man8/selinuxenabled.8
--- nsalibselinux/man/man8/selinuxenabled.8 2004-11-02 14:26:19.000000000 -0500
+++ libselinux-1.24.2/man/man8/selinuxenabled.8 2005-08-05 09:47:55.000000000 -0400
@@ -7,7 +7,7 @@
.SH "DESCRIPTION"
.B selinuxenabled
Indicates whether SELinux is enabled or disabled. It exits with status 0
-if SELinux is enabled and -256 if it is not enabled.
+if SELinux is enabled and 1 if it is not enabled.
.SH AUTHOR
Dan Walsh, <dwalsh@redhat.com>
diff --exclude-from=exclude -N -u -r nsalibselinux/src/context.c libselinux-1.24.2/src/context.c
--- nsalibselinux/src/context.c 2005-01-28 12:15:29.000000000 -0500
+++ libselinux-1.24.2/src/context.c 2005-08-05 09:47:55.000000000 -0400
@@ -134,20 +134,27 @@
static int set_comp(context_private_t* n,int index, const char *str)
{
- char *t = (char*) malloc(strlen(str)+1);
- const char *p;
- if ( !t ) { return 1; }
- for ( p = str; *p; p++ ) {
- if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' ||
- (*p == ':' && index != COMP_RANGE) ) {
- free(t);
- return 1;
- }
- }
- conditional_free(&n->component[index]);
- n->component[index] = t;
- strcpy(t,str);
- return 0;
+ char *t;
+
+ if (str) {
+ t = (char*) malloc(strlen(str)+1);
+ const char *p;
+ if ( !t ) { return 1; }
+ for ( p = str; *p; p++ ) {
+ if ( *p == '\t' || *p == '\n' || *p == '\r' ||
+ (*p == ':' && index != COMP_RANGE) ) {
+ free(t);
+ return 1;
+ }
+ }
+ conditional_free(&n->component[index]);
+ n->component[index] = t;
+ strcpy(t,str);
+ } else {
+ conditional_free(&n->component[index]);
+ n->component[index] = NULL;
+ }
+ return 0;
}
#define def_get(name,tag) \
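Review bot: Dropping `*p == ' '` from the rejected characters relaxes validation for every component, not only the range that needs to hold names like `Top Secret`; user, role and type strings containing a space now pass set_comp where they were rejected before. Scope the relaxation to the range the way the colon already is: `((*p == ':' || *p == ' ') && index != COMP_RANGE)`. The new NULL branch is fine, but `const char *p;` now appears after the malloc statement inside the `if`, which relies on C99 mixed declarations and is worth moving up next to `char *t;` if the project still targets C89. set_comp is contained entirely within this hunk.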
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.24.2/src/fgetfilecon.c
--- nsalibselinux/src/fgetfilecon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.24.2/src/fgetfilecon.c 2005-08-05 09:47:55.000000000 -0400
@@ -6,6 +6,7 @@
#include <errno.h>
#include <sys/xattr.h>
#include "policy.h"
+#include <selinux/setrans.h>
int fgetfilecon(int fd, security_context_t *context)
{
@@ -37,9 +38,8 @@
ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size-1);
}
out:
- if (ret < 0)
- free(buf);
- else
- *context = buf;
+ if (ret >= 0)
+ *context = setransconlevel(buf);
+ free(buf);
return ret;
}
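Review bot: `*context = setransconlevel(buf)` is never checked for NULL, yet setransconlevel (added in setrans.c in this patch) returns NULL when context_new or strdup fails, so fgetfilecon would return the xattr length as success while leaving `*context` NULL for the caller to dereference. getcon.c in the same patch handles exactly this with `if (!(*context)) { ret = -1; ... }`; mirror it here by bracing the `if (ret >= 0)` branch and adding `if (!*context) ret = -1;` after the assignment, before `free(buf)`. The getfilecon.c and lgetfilecon.c hunks have the same gap. fgetfilecon's body starts before this hunk.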
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.24.2/src/getcon.c
--- nsalibselinux/src/getcon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.24.2/src/getcon.c 2005-08-05 09:47:55.000000000 -0400
@@ -30,7 +30,7 @@
if (ret < 0)
goto out2;
- *context = strdup(buf);
+ *context = setransconlevel(buf);
if (!(*context)) {
ret = -1;
goto out2;
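Review bot: getcon.c now calls `setransconlevel` but this diff adds no `#include <selinux/setrans.h>` to it (only fgetfilecon.c and getfilecon.c receive that hunk), so unless the include arrives some other way the call compiles as an implicit declaration returning int, and the pointer is truncated on 64-bit targets before it is stored in `*context`. Add `#include <selinux/setrans.h>` alongside the file's other includes. getpidcon.c and lgetfilecon.c have the same gap in this patch. The NULL check that follows the call is correct and is the pattern the *getfilecon hunks should copy. getcon's body starts before this hunk.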
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.24.2/src/getfilecon.c
--- nsalibselinux/src/getfilecon.c 2005-01-28 12:15:29.000000000 -0500
+++ libselinux-1.24.2/src/getfilecon.c 2005-08-05 09:47:55.000000000 -0400
@@ -6,6 +6,7 @@
#include <errno.h>
#include <sys/xattr.h>
#include "policy.h"
+#include <selinux/setrans.h>
int getfilecon(const char *path, security_context_t *context)
{
@@ -37,10 +38,9 @@
ret = getxattr(path, XATTR_NAME_SELINUX, buf, size-1);
}
out:
- if (ret < 0)
- free(buf);
- else
- *context = buf;
+ if (ret >= 0)
+ *context = setransconlevel(buf);
+ free(buf);
return ret;
}
hidden_def(getfilecon)
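Review bot: The translated string is now what every getfilecon caller receives, and the raw kernel context is discarded at `free(buf)`; any caller that feeds the result back to the kernel (setfilecon, security_check_context — not visible in this diff) would then pass a display form such as `user_home_t:Top Secret` that policy cannot parse. If translation on read is meant for display, keep the raw form reachable, for example by leaving this function returning `buf` and adding a separate translating accessor, or by translating only at the display call site; I cannot tell from the diff which callers round-trip, so this needs confirming against the users of getfilecon. getfilecon's body starts before this hunk.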
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.24.2/src/getpidcon.c
--- nsalibselinux/src/getpidcon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.24.2/src/getpidcon.c 2005-08-05 09:47:55.000000000 -0400
@@ -34,7 +34,7 @@
if (ret < 0)
goto out2;
- *context = strdup(buf);
+ *context = setransconlevel(buf);
if (!(*context)) {
ret = -1;
goto out2;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.24.2/src/lgetfilecon.c
--- nsalibselinux/src/lgetfilecon.c 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.24.2/src/lgetfilecon.c 2005-08-05 09:47:55.000000000 -0400
@@ -37,9 +37,8 @@
ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size-1);
}
out:
- if (ret < 0)
- free(buf);
- else
- *context = buf;
+ if (ret >= 0)
+ *context = setransconlevel(buf);
+ free(buf);
return ret;
}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans.c libselinux-1.24.2/src/setrans.c
--- nsalibselinux/src/setrans.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.24.2/src/setrans.c 2005-08-05 09:51:03.000000000 -0400
@@ -0,0 +1,71 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/setrans.h>
+#include <selinux/context.h>
+#include <dlfcn.h>
+
+static selevel_t *(*setrans_selevelbyname)( const char* name);
+static selevel_t *(*setrans_selevelbysename)( const char* sename);
+
+void freeselevel( selevel_t *level) {
+ if (level->name)
+ free(level->name);
+ if (level->sename)
+ free(level->sename);
+ free(level);
+}
+
+/* Find and load the Security Level translation library */
+static int getlibsetrans(void) {
+ static void *handle = NULL;
+ char *error;
+ if (handle) {
+ return 0;
+ }
+ handle = dlopen ("libsetrans.so", RTLD_LAZY);
+ if (!handle)
+ return 1;
+ dlerror();
+ *(selevel_t **) (&setrans_selevelbyname) = dlsym(handle, "setrans_getselevelbyname");
+ if ((error = dlerror()) != NULL) {
+ return 1;
+ }
+ *(selevel_t **) (&setrans_selevelbysename) = dlsym(handle, "setrans_getselevelbysename");
+ if ((error = dlerror()) != NULL) {
+ return 1;
+ }
+ return 0;
+}
+
+/* Get Security Level via internal Name */
+selevel_t *getselevelbyname( const char* name) {
+ if (getlibsetrans()) return NULL;
+ return (*setrans_selevelbyname)(name);
+}
+
+/* Get Security Level via external Name */
+selevel_t *getselevelbysename( const char* sename) {
+ if (getlibsetrans()) return NULL;
+ return (*setrans_selevelbysename)(sename);
+}
+
+/* Function used to translate a security context into external representation */
+extern char *setransconlevel(const security_context_t scon) {
+ char *rcon;
+ context_t con=context_new(scon);
+ selevel_t *level;
+ if (!con)
+ return NULL;
+ level=getselevelbyname(context_range_get(con));
+ if (level) {
+ context_range_set(con, level->sename);
+ rcon=strdup(context_str(con));
+ freeselevel(level);
+ } else {
+ rcon=strdup(scon);
+ }
+ context_free(con);
+ return rcon;
+}
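Review bot: getlibsetrans leaves `handle` set when either dlsym lookup fails (the two dlerror failure paths return 1 without resetting it), so the next call takes the `if (handle) return 0;` fast path and getselevelbyname then calls through a NULL `setrans_selevelbyname`. On failure the handle must be closed and cleared, and the function-pointer stores should go through `void **` rather than `selevel_t **`; the rewrite below does both and drops the unused `error` variable. Two smaller points in the same hunk: `freeselevel` dereferences `level` before checking anything, so a caller passing NULL crashes (add `if (!level) return;`, and the `if (level->name)` guards around free are redundant), and `dlopen("libsetrans.so", ...)` loads an unversioned soname from the default search path into every process that calls *getfilecon, so a versioned or build-time-fixed library path would narrow what can be substituted for it. `setransconlevel` also passes `context_range_get(con)` to the translation callback without checking it, which can be NULL now that set_comp accepts NULL components — presumably the callback tolerates that, but it is worth a guard.
```c
/* … unchanged: includes, function-pointer statics, freeselevel … */

/* Find and load the Security Level translation library */
static int getlibsetrans(void) {
	static void *handle = NULL;
	if (handle)
		return 0;
	handle = dlopen("libsetrans.so", RTLD_LAZY);
	if (!handle)
		return 1;
	dlerror();
	*(void **) (&setrans_selevelbyname) = dlsym(handle, "setrans_getselevelbyname");
	*(void **) (&setrans_selevelbysename) = dlsym(handle, "setrans_getselevelbysename");
	if (!setrans_selevelbyname || !setrans_selevelbysename) {
		/* Do not keep a half-initialised handle: a later call would take
		 * the fast path above and then jump through a NULL pointer. */
		setrans_selevelbyname = NULL;
		setrans_selevelbysename = NULL;
		dlclose(handle);
		handle = NULL;
		return 1;
	}
	return 0;
}

/* … unchanged: getselevelbyname, getselevelbysename, setransconlevel … */
```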
[-- Attachment #3: libsetrans-0.1.0-1.src.rpm --]
[-- Type: application/x-rpm, Size: 12953 bytes --]