libselinux category patch

libselinux category patch

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 760 bytes --]

libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 

One eliminate MLS from the checking.  No reason why this has to be MLS 
specific.
Change mlstrans.c to trans.c.  See above.
Allow context functions to handle null range.
    In MCS I want to translate X:Y:Z:s0 to X:Y:Z, That way we can 
introduce MCS policy to targeted without the user
seeing any change.
A couple of minor changes.

setrans.c is the library code

I am attaching the translation library code I am going to throw in for 
MCS handling.  Basically translates
c1=PatientRecord
I have called the file /etc/secat.conf, tried to put it in 
/etc/selinux/secat.conf, but suddenly lots of domains wanted to read 
selinux_config_t files.

Is this agreeable to everyone?

Dan

-- 



[-- Attachment #2: libselinux-rhat.patch --]
[-- Type: text/x-patch, Size: 40106 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.25.2/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h	2005-08-11 22:41:15.000000000 -0400
+++ libselinux-1.25.2/include/selinux/selinux.h	2005-08-17 15:51:32.000000000 -0400
@@ -27,6 +27,7 @@
 /* Get current context, and set *con to refer to it.
    Caller must free via freecon. */
 extern int getcon(security_context_t *con);
+extern int getcon_raw(security_context_t *con);
 
 /* Set the current security context to con.  
    Note that use of this function requires that the entire application
@@ -37,32 +38,39 @@
    as a result of a setcon() unless policy allows it to use descriptors opened
    by the old context. */
 extern int setcon(security_context_t con);
+extern int setcon_raw(security_context_t con);
 
 /* Get context of process identified by pid, and 
    set *con to refer to it.  Caller must free via freecon. */
 extern int getpidcon(pid_t pid, security_context_t *con);
+extern int getpidcon_raw(pid_t pid, security_context_t *con);
 
 /* Get previous context (prior to last exec), and set *con to refer to it.
    Caller must free via freecon. */
 extern int getprevcon(security_context_t *con);
+extern int getprevcon_raw(security_context_t *con);
 
 /* Get exec context, and set *con to refer to it.
    Sets *con to NULL if no exec context has been set, i.e. using default.
    If non-NULL, caller must free via freecon. */
 extern int getexeccon(security_context_t *con);
+extern int getexeccon_raw(security_context_t *con);
 
 /* Set exec security context for the next execve. 
    Call with NULL if you want to reset to the default. */
 extern int setexeccon(security_context_t con);
+extern int setexeccon_raw(security_context_t con);
 
 /* Get fscreate context, and set *con to refer to it.
    Sets *con to NULL if no fs create context has been set, i.e. using default.
    If non-NULL, caller must free via freecon. */
 extern int getfscreatecon(security_context_t *con);
+extern int getfscreatecon_raw(security_context_t *con);
 
 /* Set the fscreate security context for subsequent file creations.
    Call with NULL if you want to reset to the default. */
 extern int setfscreatecon(security_context_t context);
+extern int setfscreatecon_raw(security_context_t context);
 
 
 /* Wrappers for the xattr API. */
@@ -70,13 +78,19 @@
 /* Get file context, and set *con to refer to it.
    Caller must free via freecon. */
 extern int getfilecon(const char *path, security_context_t *con);
+extern int getfilecon_raw(const char *path, security_context_t *con);
 extern int lgetfilecon(const char *path, security_context_t *con);
+extern int lgetfilecon_raw(const char *path, security_context_t *con);
 extern int fgetfilecon(int fd, security_context_t *con);
+extern int fgetfilecon_raw(int fd, security_context_t *con);
 
 /* Set file context */
 extern int setfilecon(const char *path, security_context_t con);
+extern int setfilecon_raw(const char *path, security_context_t con);
 extern int lsetfilecon(const char *path, security_context_t con);
+extern int lsetfilecon_raw(const char *path, security_context_t con);
 extern int fsetfilecon(int fd, security_context_t con);
+extern int fsetfilecon_raw(int fd, security_context_t con);
 
 
 /* Wrappers for the socket API */
@@ -84,6 +98,7 @@
 /* Get context of peer socket, and set *con to refer to it.
    Caller must free via freecon. */
 extern int getpeercon(int fd, security_context_t *con);
+extern int getpeercon_raw(int fd, security_context_t *con);
 
 
 /* Wrappers for the selinuxfs (policy) API. */
@@ -105,6 +120,11 @@
 			       security_class_t tclass,
 			       access_vector_t requested,
 			       struct av_decision *avd);
+extern int security_compute_av_raw(security_context_t scon,
+                                   security_context_t tcon,
+                                   security_class_t tclass,
+                                   access_vector_t requested,
+                                   struct av_decision *avd);
 
 /* Compute a labeling decision and set *newcon to refer to it.
    Caller must free via freecon. */
@@ -112,6 +132,10 @@
 				   security_context_t tcon,
 				   security_class_t tclass,
 				   security_context_t *newcon);
+extern int security_compute_create_raw(security_context_t scon,
+                                       security_context_t tcon,
+                                       security_class_t tclass,
+                                       security_context_t *newcon);
 
 /* Compute a relabeling decision and set *newcon to refer to it.
    Caller must free via freecon. */
@@ -119,6 +143,10 @@
 				    security_context_t tcon,
 				    security_class_t tclass,
 				    security_context_t *newcon);
+extern int security_compute_relabel_raw(security_context_t scon,
+                                        security_context_t tcon,
+                                        security_class_t tclass,
+                                        security_context_t *newcon);
 
 /* Compute a polyinstantiation member decision and set *newcon to refer to it.
    Caller must free via freecon. */
@@ -126,12 +154,19 @@
 				   security_context_t tcon,
 				   security_class_t tclass,
 				   security_context_t *newcon);
+extern int security_compute_member_raw(security_context_t scon,
+                                       security_context_t tcon,
+                                       security_class_t tclass,
+                                       security_context_t *newcon);
 
 /* Compute the set of reachable user contexts and set *con to refer to 
    the NULL-terminated array of contexts.  Caller must free via freeconary. */
 extern int security_compute_user(security_context_t scon,
 				 const char *username,
 				 security_context_t **con);
+extern int security_compute_user_raw(security_context_t scon,
+                                     const char *username,
+                                     security_context_t **con);
 
 /* Load a policy configuration. */
 extern int security_load_policy(void *data, size_t len);
@@ -153,6 +188,7 @@
 
 /* Check the validity of a security context. */
 extern int security_check_context(security_context_t con);
+extern int security_check_context_raw(security_context_t con);
 
 /* Get the enforce flag value. */
 extern int security_getenforce(void);
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxenabled.8 libselinux-1.25.2/man/man8/selinuxenabled.8
--- nsalibselinux/man/man8/selinuxenabled.8	2004-11-02 14:26:19.000000000 -0500
+++ libselinux-1.25.2/man/man8/selinuxenabled.8	2005-08-17 15:51:32.000000000 -0400
@@ -7,7 +7,7 @@
 .SH "DESCRIPTION"
 .B selinuxenabled
 Indicates whether SELinux is enabled or disabled. It exits with status 0 
-if SELinux is enabled and -256 if it is not enabled.
+if SELinux is enabled and 1 if it is not enabled.
 
 .SH AUTHOR	
 Dan Walsh, <dwalsh@redhat.com>
diff --exclude-from=exclude -N -u -r nsalibselinux/src/checkAccess.c libselinux-1.25.2/src/checkAccess.c
--- nsalibselinux/src/checkAccess.c	2005-08-11 22:41:15.000000000 -0400
+++ libselinux-1.25.2/src/checkAccess.c	2005-08-17 15:51:32.000000000 -0400
@@ -11,13 +11,13 @@
         security_context_t user_context;
         if (is_selinux_enabled() == 0) 
                 return 0;
-        if( getprevcon(&user_context)==0 ) {
+        if( getprevcon_raw(&user_context)==0 ) {
                 struct av_decision avd;
-                int retval = security_compute_av(user_context,
-                                                 user_context,
-                                                 SECCLASS_PASSWD,
-                                                 requested,
-                                                 &avd);
+                int retval = security_compute_av_raw(user_context,
+                                                     user_context,
+                                                     SECCLASS_PASSWD,
+                                                     requested,
+                                                     &avd);
                 
                 if ((retval == 0) && 
                     ((requested & avd.allowed) == requested)) {
diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.25.2/src/check_context.c
--- nsalibselinux/src/check_context.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/check_context.c	2005-08-17 15:51:32.000000000 -0400
@@ -9,7 +9,7 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_check_context(security_context_t con)
+int security_check_context_raw(security_context_t con)
 {
 	char path[PATH_MAX];
 	int fd, ret;
@@ -25,4 +25,21 @@
 		return -1;
 	return 0;
 }
+hidden_def(security_check_context_raw)
+
+int security_check_context(security_context_t con)
+{
+	int ret;
+	security_context_t rcon = con;
+
+	if (context_translations && trans_to_raw_context(con, &rcon))
+		return -1;
+
+ 	ret = security_check_context_raw(rcon);
+
+	if (context_translations)
+		freecon(rcon);
+
+	return ret;
+}
 hidden_def(security_check_context)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.25.2/src/compute_av.c
--- nsalibselinux/src/compute_av.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/compute_av.c	2005-08-17 15:51:32.000000000 -0400
@@ -10,11 +10,11 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_compute_av(security_context_t scon,
-			security_context_t tcon,
-			security_class_t tclass,
-			access_vector_t requested,
-			struct av_decision *avd)
+int security_compute_av_raw(security_context_t scon,
+                            security_context_t tcon,
+                            security_class_t tclass,
+                            access_vector_t requested,
+                            struct av_decision *avd)
 {
 	char path[PATH_MAX];
 	char *buf;
@@ -58,4 +58,34 @@
 	close(fd);
 	return ret;
 }
+hidden_def(security_compute_av_raw)
+
+int security_compute_av(security_context_t scon,
+                        security_context_t tcon,
+                        security_class_t tclass,
+                        access_vector_t requested,
+                        struct av_decision *avd)
+{
+	int ret;
+	security_context_t rscon = scon;
+	security_context_t rtcon = tcon;
+
+	if (context_translations) {
+		if (trans_to_raw_context(scon, &rscon))
+			return -1;
+		if (trans_to_raw_context(tcon, &rtcon)) {
+			freecon(rscon);
+			return -1;
+		}
+	}
+
+ 	ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
+
+	if (context_translations) {
+		freecon(rscon);
+		freecon(rtcon);
+	}
+
+	return ret;
+}
 hidden_def(security_compute_av)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.25.2/src/compute_create.c
--- nsalibselinux/src/compute_create.c	2005-01-28 12:15:29.000000000 -0500
+++ libselinux-1.25.2/src/compute_create.c	2005-08-17 15:51:32.000000000 -0400
@@ -10,10 +10,10 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_compute_create(security_context_t scon,
-			    security_context_t tcon,
-			    security_class_t tclass,
-			    security_context_t *newcon)
+int security_compute_create_raw(security_context_t scon,
+                                security_context_t tcon,
+                                security_class_t tclass,
+                                security_context_t *newcon)
 {
 	char path[PATH_MAX];
 	char *buf;
@@ -54,4 +54,42 @@
 	close(fd);
 	return ret;
 }
+hidden_def(security_compute_create_raw)
+
+int security_compute_create(security_context_t scon,
+                            security_context_t tcon,
+                            security_class_t tclass,
+                            security_context_t *newcon)
+{
+	int ret;
+	security_context_t rscon = scon;
+	security_context_t rtcon = tcon;
+	security_context_t rnewcon;
+
+	if (context_translations) {
+		if (trans_to_raw_context(scon, &rscon))
+			return -1;
+		if (trans_to_raw_context(tcon, &rtcon)) {
+			freecon(rscon);
+			return -1;
+		}
+	}
+
+ 	ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon);
+
+	if (context_translations) {
+		freecon(rscon);
+		freecon(rtcon);
+		if (!ret) {
+			if (raw_to_trans_context(rnewcon, newcon)) {
+				*newcon = NULL;
+				ret = -1;
+			}
+			freecon(rnewcon);
+		}
+	} else
+		*newcon = rnewcon;
+
+	return ret;
+}
 hidden_def(security_compute_create)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.25.2/src/compute_member.c
--- nsalibselinux/src/compute_member.c	2004-12-02 13:20:18.000000000 -0500
+++ libselinux-1.25.2/src/compute_member.c	2005-08-17 15:51:32.000000000 -0400
@@ -6,14 +6,14 @@
 #include <errno.h>
 #include <string.h>
 #include <asm/page.h>
-#include <selinux/selinux.h>
+#include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
 
-int security_compute_member(security_context_t scon,
-			    security_context_t tcon,
-			    security_class_t tclass,
-			    security_context_t *newcon)
+int security_compute_member_raw(security_context_t scon,
+                                security_context_t tcon,
+                                security_class_t tclass,
+                                security_context_t *newcon)
 {
 	char path[PATH_MAX];
 	char *buf;
@@ -54,3 +54,40 @@
 	close(fd);
 	return ret;
 }
+
+int security_compute_member(security_context_t scon,
+                            security_context_t tcon,
+                            security_class_t tclass,
+                            security_context_t *newcon)
+{
+	int ret;
+	security_context_t rscon = scon;
+	security_context_t rtcon = tcon;
+	security_context_t rnewcon;
+
+	if (context_translations) {
+		if (trans_to_raw_context(scon, &rscon))
+			return -1;
+		if (trans_to_raw_context(tcon, &rtcon)) {
+			freecon(rscon);
+			return -1;
+		}
+	}
+
+ 	ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
+
+	if (context_translations) {
+		freecon(rscon);
+		freecon(rtcon);
+		if (!ret) {
+			if (raw_to_trans_context(rnewcon, newcon)) {
+				*newcon = NULL;
+				ret = -1;
+			}
+			freecon(rnewcon);
+		}
+	} else
+		*newcon = rnewcon;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.25.2/src/compute_relabel.c
--- nsalibselinux/src/compute_relabel.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/compute_relabel.c	2005-08-17 15:51:32.000000000 -0400
@@ -6,14 +6,14 @@
 #include <errno.h>
 #include <string.h>
 #include <asm/page.h>
-#include <selinux/selinux.h>
+#include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
 
-int security_compute_relabel(security_context_t scon,
-			    security_context_t tcon,
-			    security_class_t tclass,
-			    security_context_t *newcon)
+int security_compute_relabel_raw(security_context_t scon,
+                                 security_context_t tcon,
+                                 security_class_t tclass,
+                                 security_context_t *newcon)
 {
 	char path[PATH_MAX];
 	char *buf;
@@ -54,3 +54,40 @@
 	close(fd);
 	return ret;
 }
+
+int security_compute_relabel(security_context_t scon,
+                             security_context_t tcon,
+                             security_class_t tclass,
+                             security_context_t *newcon)
+{
+	int ret;
+	security_context_t rscon = scon;
+	security_context_t rtcon = tcon;
+	security_context_t rnewcon;
+
+	if (context_translations) {
+		if (trans_to_raw_context(scon, &rscon))
+			return -1;
+		if (trans_to_raw_context(tcon, &rtcon)) {
+			freecon(rscon);
+			return -1;
+		}
+	}
+
+ 	ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
+
+	if (context_translations) {
+		freecon(rscon);
+		freecon(rtcon);
+		if (!ret) {
+			if (raw_to_trans_context(rnewcon, newcon)) {
+				*newcon = NULL;
+				ret = -1;
+			}
+			freecon(rnewcon);
+		}
+	} else
+		*newcon = rnewcon;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.25.2/src/compute_user.c
--- nsalibselinux/src/compute_user.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/compute_user.c	2005-08-17 15:51:32.000000000 -0400
@@ -10,9 +10,9 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_compute_user(security_context_t scon,
-			  const char *user,
-			  security_context_t **con)
+int security_compute_user_raw(security_context_t scon,
+                              const char *user,
+                              security_context_t **con)
 {
 	char path[PATH_MAX];
 	char **ary;
@@ -73,4 +73,36 @@
 	close(fd);
 	return ret;
 }
+hidden_def(security_compute_user_raw)
+
+int security_compute_user(security_context_t scon,
+                          const char *user,
+                          security_context_t **con)
+{
+	int ret;
+	security_context_t rscon = scon;
+
+	if (context_translations && trans_to_raw_context(scon, &rscon))
+		return -1;
+
+ 	ret = security_compute_user_raw(rscon, user, con);
+
+	if (context_translations) {
+		freecon(rscon);
+		if (!ret) {
+			security_context_t *ptr, tmpcon;
+			for (ptr = *con; *ptr; ptr++) {
+				if (raw_to_trans_context(*ptr, &tmpcon)) {
+					freeconary(*con);
+					*con = NULL;
+					return -1;
+				}
+				freecon(*ptr);
+				*ptr = tmpcon;
+			}
+		}
+	}
+
+	return ret;
+}
 hidden_def(security_compute_user)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/context.c libselinux-1.25.2/src/context.c
--- nsalibselinux/src/context.c	2005-08-11 22:41:15.000000000 -0400
+++ libselinux-1.25.2/src/context.c	2005-08-17 15:51:32.000000000 -0400
@@ -15,7 +15,8 @@
 
 /*
  * Allocate a new context, initialized from str.  There must be 3 or
- * 4 colon-separated components and no whitespace.
+ * 4 colon-separated components and no whitespace in the user, role, or type
+ * components.  MLS components may have spaces in translated form.
  */
 context_t
 context_new(const char *str)
@@ -35,7 +36,8 @@
         for ( i = count = 0, p = str; *p; p++ ) {
                 switch ( *p ) { 
                 case ':': count++; break;
-                case '\n': case '\t': case '\r': case ' ': goto err; /* sanity check */
+                case '\n': case '\t': case '\r': goto err; /* sanity check */
+                case ' ': if (count < 3) goto err; /* sanity check */
                 }
         }
 	/*
@@ -141,8 +143,8 @@
         const char *p;
         if ( !t ) { return 1; }
         for ( p = str; *p; p++ ) {
-                if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' ||
-                     (*p == ':' && index != COMP_RANGE) ) {
+                if ( *p == '\t' || *p == '\n' || *p == '\r' ||
+                     ((*p == ':' || *p == ' ') && index != COMP_RANGE) ) {
                         free(t);
                         return 1;
                 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.25.2/src/enabled.c
--- nsalibselinux/src/enabled.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/enabled.c	2005-08-17 15:51:32.000000000 -0400
@@ -42,7 +42,7 @@
 
 	enabled = 1;
 
-	if (getcon(&con) == 0) {
+	if (getcon_raw(&con) == 0) {
 		if (!strcmp(con, "kernel"))
 			enabled = 0;
 		freecon(con);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.25.2/src/fgetfilecon.c
--- nsalibselinux/src/fgetfilecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/fgetfilecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,13 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/xattr.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int fgetfilecon(int fd, security_context_t *context)
+int fgetfilecon_raw(int fd, security_context_t *context)
 {
 	char *buf;
 	ssize_t size;
@@ -43,3 +43,22 @@
 		*context = buf;
 	return ret;
 }
+
+int fgetfilecon(int fd, security_context_t *context)
+{
+	security_context_t rcontext;
+	int ret;
+
+ 	ret = fgetfilecon_raw(fd, &rcontext);
+
+	if (context_translations && ret > 0) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.25.2/src/fsetfilecon.c
--- nsalibselinux/src/fsetfilecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/fsetfilecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,29 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/xattr.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int fsetfilecon(int fd, security_context_t context)
+int fsetfilecon_raw(int fd, security_context_t context)
 {
 	return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+
+int fsetfilecon(int fd, security_context_t context)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (context_translations && trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = fsetfilecon_raw(fd, rcontext);
+
+	if (context_translations)
+		freecon(rcontext);
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.25.2/src/getcon.c
--- nsalibselinux/src/getcon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/getcon.c	2005-08-17 15:51:32.000000000 -0400
@@ -7,7 +7,7 @@
 #include <asm/page.h>
 #include "policy.h"
 
-int getcon(security_context_t *context)
+int getcon_raw(security_context_t *context)
 {
 	char *buf;
 	size_t size;
@@ -42,4 +42,24 @@
 	close(fd);
 	return ret;
 }
+hidden_def(getcon_raw)
+
+int getcon(security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getcon_raw(&rcontext);
+
+	if (context_translations && !ret) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
 hidden_def(getcon)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.25.2/src/getexeccon.c
--- nsalibselinux/src/getexeccon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/getexeccon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,13 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <asm/page.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int getexeccon(security_context_t *context)
+int getexeccon_raw(security_context_t *context)
 {
 	char *buf;
 	size_t size;
@@ -47,3 +47,22 @@
 	close(fd);
 	return ret;
 }
+
+int getexeccon(security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getexeccon_raw(&rcontext);
+
+	if (context_translations && !ret) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.25.2/src/getfilecon.c
--- nsalibselinux/src/getfilecon.c	2005-01-28 12:15:29.000000000 -0500
+++ libselinux-1.25.2/src/getfilecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -7,7 +7,7 @@
 #include <sys/xattr.h>
 #include "policy.h"
 
-int getfilecon(const char *path, security_context_t *context)
+int getfilecon_raw(const char *path, security_context_t *context)
 {
 	char *buf;
 	ssize_t size;
@@ -43,4 +43,24 @@
 		*context = buf;
 	return ret;
 }
+hidden_def(getfilecon_raw)
+
+int getfilecon(const char *path, security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getfilecon_raw(path, &rcontext);
+
+	if (context_translations && ret > 0) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
 hidden_def(getfilecon)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.25.2/src/getfscreatecon.c
--- nsalibselinux/src/getfscreatecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/getfscreatecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,13 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <asm/page.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int getfscreatecon(security_context_t *context)
+int getfscreatecon_raw(security_context_t *context)
 {
 	char *buf;
 	size_t size;
@@ -47,3 +47,22 @@
 	close(fd);
 	return ret;
 }
+
+int getfscreatecon(security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getfscreatecon_raw(&rcontext);
+
+	if (context_translations && !ret) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.25.2/src/getpeercon.c
--- nsalibselinux/src/getpeercon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/getpeercon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,17 +1,17 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/socket.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
 #ifndef SO_PEERSEC
 #define SO_PEERSEC 31
 #endif
 
-int getpeercon(int fd, security_context_t *context)
+int getpeercon_raw(int fd, security_context_t *context)
 {
 	char *buf;
 	socklen_t size;
@@ -42,3 +42,22 @@
 		*context = buf;
 	return ret;
 }
+
+int getpeercon(int fd, security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getpeercon_raw(fd, &rcontext);
+
+	if (context_translations && !ret) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.25.2/src/getpidcon.c
--- nsalibselinux/src/getpidcon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/getpidcon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,14 +1,14 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <asm/page.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int getpidcon(pid_t pid, security_context_t *context)
+int getpidcon_raw(pid_t pid, security_context_t *context)
 {
 	char path[40];
 	char *buf;
@@ -46,3 +46,22 @@
 	close(fd);
 	return ret;
 }
+
+int getpidcon(pid_t pid, security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getpidcon_raw(pid, &rcontext);
+
+	if (context_translations && !ret) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.25.2/src/getprevcon.c
--- nsalibselinux/src/getprevcon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/getprevcon.c	2005-08-17 15:51:32.000000000 -0400
@@ -7,7 +7,7 @@
 #include <asm/page.h>
 #include "policy.h"
 
-int getprevcon(security_context_t *context)
+int getprevcon_raw(security_context_t *context)
 {
 	char *buf;
 	size_t size;
@@ -42,4 +42,24 @@
 	close(fd);
 	return ret;
 }
+hidden_def(getprevcon_raw)
+
+int getprevcon(security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = getprevcon_raw(&rcontext);
+
+	if (context_translations && !ret) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
 hidden_def(getprevcon)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.2/src/init.c
--- nsalibselinux/src/init.c	2005-04-29 14:06:52.000000000 -0400
+++ libselinux-1.25.2/src/init.c	2005-08-17 15:51:32.000000000 -0400
@@ -7,13 +7,12 @@
 #include <ctype.h>
 #include <asm/page.h>
 #include <stdio.h>
+#include <dlfcn.h>
 
 #include "policy.h"
 
 char *selinux_mnt = NULL;
 
-static void init_selinuxmnt(void) __attribute__ ((constructor));
-
 static void init_selinuxmnt(void)
 {
 	char *buf, *bufp, *p;
@@ -63,8 +62,6 @@
 
 }
 
-static void fini_selinuxmnt(void) __attribute__ ((destructor));
-
 static void fini_selinuxmnt(void)
 {
 	free(selinux_mnt);
@@ -76,3 +73,60 @@
 	selinux_mnt = strdup(mnt);
 }
  
+int context_translations = 0;
+void *translation_lib_handle = NULL;
+/* from libsetrans.c */
+extern int (*lib_trans_to_raw_context)(char *raw, char **transp);
+extern int (*lib_raw_to_trans_context)(char *trans, char **rawp);
+
+
+static void init_translations(void)
+{
+	int (*lib_trans_init)(void) = NULL;
+
+	translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
+	if (!translation_lib_handle)
+		return;
+
+	dlerror();
+
+	lib_trans_init = dlsym(translation_lib_handle,
+	                       "init_context_translations");
+	if (dlerror() || lib_trans_init())
+		return;
+
+	lib_raw_to_trans_context = dlsym(translation_lib_handle,
+	                                 "translate_context");
+	if (dlerror())
+		return;
+
+	lib_trans_to_raw_context = dlsym(translation_lib_handle,
+	                                 "untranslate_context");
+	if (dlerror())
+		return;
+
+	context_translations = 1;
+}
+
+static void fini_translations(void)
+{
+	context_translations = 0;
+	if (translation_lib_handle) {
+		dlclose(translation_lib_handle);
+		translation_lib_handle = NULL;
+	}
+}
+
+static void init_lib(void) __attribute__ ((constructor));
+static void init_lib(void)
+{
+	init_selinuxmnt();
+	init_translations();
+}
+
+static void fini_lib(void) __attribute__ ((destructor));
+static void fini_lib(void)
+{
+	fini_translations();
+	fini_selinuxmnt();
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.25.2/src/lgetfilecon.c
--- nsalibselinux/src/lgetfilecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/lgetfilecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,13 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/xattr.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int lgetfilecon(const char *path, security_context_t *context)
+int lgetfilecon_raw(const char *path, security_context_t *context)
 {
 	char *buf;
 	ssize_t size;
@@ -43,3 +43,22 @@
 		*context = buf;
 	return ret;
 }
+
+int lgetfilecon(const char *path, security_context_t *context)
+{
+	int ret;
+	security_context_t rcontext;
+
+ 	ret = lgetfilecon_raw(path, &rcontext);
+
+	if (context_translations && ret > 0) {
+		if (raw_to_trans_context(rcontext, context)) {
+			*context = NULL;
+			ret = -1;
+		}
+		freecon(rcontext);
+	} else
+		*context = rcontext;
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.25.2/src/lsetfilecon.c
--- nsalibselinux/src/lsetfilecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/lsetfilecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,29 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/xattr.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int lsetfilecon(const char *path, security_context_t context)
+int lsetfilecon_raw(const char *path, security_context_t context)
 {
 	return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+
+int lsetfilecon(const char *path, security_context_t context)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (context_translations && trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = lsetfilecon_raw(path, rcontext);
+
+	if (context_translations)
+		freecon(rcontext);
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.25.2/src/matchmediacon.c
--- nsalibselinux/src/matchmediacon.c	2005-03-29 21:55:23.000000000 -0500
+++ libselinux-1.25.2/src/matchmediacon.c	2005-08-17 15:51:32.000000000 -0400
@@ -58,7 +58,14 @@
 	if (!(*ptr2)) {
 		return -1;
 	}
-	
-	*con = strdup(ptr2);
+
+	if (context_translations) {
+		if (raw_to_trans_context(ptr2, con)) {
+			*con = NULL;
+			return -1;
+		}
+	} else
+		*con = strdup(ptr2);
+
 	return 0;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.25.2/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c	2005-08-11 22:41:15.000000000 -0400
+++ libselinux-1.25.2/src/matchpathcon.c	2005-08-17 15:51:32.000000000 -0400
@@ -514,6 +514,18 @@
 		spec_arr[nspec].context = context;
 		
 		if (strcmp(context, "<<none>>")) {
+			if (context_translations) {
+				if (raw_to_trans_context(context,
+				                    &spec_arr[nspec].context)) {
+					myprintf("%s: line %u has invalid "
+					         "context %s\n",
+					         path, lineno, context);
+					return 0;
+				}
+				free(context);
+				context = spec_arr[nspec].context;
+			}
+
 			if (myinvalidcon(path, lineno, context))
 				return 0;
 		}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/rpm.c libselinux-1.25.2/src/rpm.c
--- nsalibselinux/src/rpm.c	2005-04-06 06:57:35.000000000 -0400
+++ libselinux-1.25.2/src/rpm.c	2005-08-17 15:51:32.000000000 -0400
@@ -16,15 +16,15 @@
 	if (is_selinux_enabled() < 1)
 		return execve(filename, argv, envp);
 
-	rc = getcon(&mycon);
+	rc = getcon_raw(&mycon);
 	if (rc < 0)
 		goto out;
 
-	rc = getfilecon(filename, &fcon);
+	rc = getfilecon_raw(filename, &fcon);
 	if (rc < 0)
 		goto out;
 
-	rc = security_compute_create(mycon, fcon, SECCLASS_PROCESS, &newcon);
+	rc = security_compute_create_raw(mycon, fcon, SECCLASS_PROCESS, &newcon);
 	if (rc < 0)
 		goto out;
 
@@ -41,7 +41,7 @@
 			goto out;
 	}
 
-	rc = setexeccon(newcon);
+	rc = setexeccon_raw(newcon);
 	if (rc < 0) 
 		goto out;
 	rc = execve(filename, argv, envp);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.25.2/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h	2005-02-17 14:22:28.000000000 -0500
+++ libselinux-1.25.2/src/selinux_internal.h	2005-08-17 15:51:32.000000000 -0400
@@ -4,18 +4,25 @@
 hidden_proto(security_set_boolean)
 hidden_proto(security_commit_booleans)
 hidden_proto(security_check_context)
+hidden_proto(security_check_context_raw)
 hidden_proto(security_compute_av)
+hidden_proto(security_compute_av_raw)
 hidden_proto(security_compute_user)
+hidden_proto(security_compute_user_raw)
 hidden_proto(security_compute_create)
+hidden_proto(security_compute_create_raw)
 hidden_proto(is_selinux_enabled)
 hidden_proto(is_selinux_mls_enabled)
-hidden_proto(security_check_context)
 hidden_proto(freecon)
 hidden_proto(freeconary)
 hidden_proto(getprevcon)
+hidden_proto(getprevcon_raw)
 hidden_proto(getcon)
+hidden_proto(getcon_raw)
 hidden_proto(getfilecon)
+hidden_proto(getfilecon_raw)
 hidden_proto(setexeccon)
+hidden_proto(setexeccon_raw)
 hidden_proto(security_getenforce)
 hidden_proto(selinux_default_context_path)
 hidden_proto(selinux_failsafe_context_path)
@@ -27,3 +34,7 @@
 hidden_proto(selinux_media_context_path)
 hidden_proto(matchpathcon_init)
 hidden_proto(selinux_users_path)
+
+extern int context_translations;
+extern int trans_to_raw_context(char *raw, char **transp);
+extern int raw_to_trans_context(char *trans, char **rawp);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.25.2/src/setcon.c
--- nsalibselinux/src/setcon.c	2004-11-30 15:59:03.000000000 -0500
+++ libselinux-1.25.2/src/setcon.c	2005-08-17 15:51:32.000000000 -0400
@@ -5,9 +5,9 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
+#include "selinux_internal.h"
 
-int setcon(security_context_t context)
+int setcon_raw(security_context_t context)
 {
 	int fd;
 	ssize_t ret;
@@ -25,3 +25,19 @@
 	else
 		return 0;
 }
+
+int setcon(char *context)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (context_translations && trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = setcon_raw(rcontext);
+
+	if (context_translations)
+		freecon(rcontext);
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.25.2/src/setexeccon.c
--- nsalibselinux/src/setexeccon.c	2005-01-28 12:15:29.000000000 -0500
+++ libselinux-1.25.2/src/setexeccon.c	2005-08-17 15:51:32.000000000 -0400
@@ -3,7 +3,7 @@
 #include <string.h>
 #include "selinux_internal.h"
 
-int setexeccon(security_context_t context)
+int setexeccon_raw(security_context_t context)
 {
 	int fd;
 	ssize_t ret;
@@ -21,4 +21,21 @@
 	else
 		return 0;
 }
+hidden_def(setexeccon_raw)
+
+int setexeccon(char *context)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (context_translations && trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = setexeccon_raw(rcontext);
+
+	if (context_translations)
+		freecon(rcontext);
+
+	return ret;
+}
 hidden_def(setexeccon)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.25.2/src/setfilecon.c
--- nsalibselinux/src/setfilecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/setfilecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,13 +1,29 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/selinux.h>
 #include <stdlib.h>
 #include <errno.h>
 #include <sys/xattr.h>
+#include "selinux_internal.h"
 #include "policy.h"
 
-int setfilecon(const char *path, security_context_t context)
+int setfilecon_raw(const char *path, security_context_t context)
 {
 	return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+
+int setfilecon(const char *path, security_context_t context)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (context_translations && trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = setfilecon_raw(path, rcontext);
+
+	if (context_translations)
+		freecon(rcontext);
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfscreatecon.c libselinux-1.25.2/src/setfscreatecon.c
--- nsalibselinux/src/setfscreatecon.c	2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.25.2/src/setfscreatecon.c	2005-08-17 15:51:32.000000000 -0400
@@ -1,9 +1,9 @@
 #include <unistd.h>
 #include <string.h>
 #include <fcntl.h>
-#include <selinux/selinux.h>
+#include "selinux_internal.h"
 
-int setfscreatecon(char *context)
+int setfscreatecon_raw(char *context)
 {
 	int fd;
 	ssize_t ret;
@@ -21,3 +21,19 @@
 	else
 		return 0;
 }
+
+int setfscreatecon(char *context)
+{
+	int ret;
+	security_context_t rcontext = context;
+
+	if (context_translations && trans_to_raw_context(context, &rcontext))
+		return -1;
+
+ 	ret = setfscreatecon_raw(rcontext);
+
+	if (context_translations)
+		freecon(rcontext);
+
+	return ret;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.25.2/src/trans.c
--- nsalibselinux/src/trans.c	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.25.2/src/trans.c	2005-08-17 15:51:32.000000000 -0400
@@ -0,0 +1,32 @@
+#include "selinux_internal.h"
+#include <string.h>
+
+int (*lib_trans_to_raw_context)(char *raw, char **transp) = NULL;
+int (*lib_raw_to_trans_context)(char *trans, char **rawp) = NULL;
+
+int trans_to_raw_context(char *raw, char **transp)
+{
+	if (!raw) {
+		*transp = NULL;
+		return 0;
+	}
+
+	if (lib_trans_to_raw_context(raw, transp))
+		*transp = strdup(raw);
+
+	return transp ? 0 : -1;
+}
+
+int raw_to_trans_context(char *trans, char **rawp)
+{
+	if (!trans) {
+		*rawp = NULL;
+		return 0;
+	}
+
+	if (lib_raw_to_trans_context(trans, rawp))
+		*rawp = strdup(trans);
+
+	return rawp ? 0 : -1;
+}
+

[-- Attachment #3: setrans.c --]
[-- Type: text/x-csrc, Size: 3864 bytes --]

#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <selinux/selinux.h>
#include <selinux/context.h>

#define CATEGORYFILE "/etc/secat.conf"

/* Define data structures */
typedef struct selevel {
	char* name;
	char* sename;
} selevel_t;

/* catlist is a simple linked list of selevels extracted from the CATEGORYFILE */
typedef struct cat {
	struct cat *next;
	selevel_t level;
} cat_t;

static cat_t *catlist=NULL;

/* Remove excess white space */
static char *strtrim(char *dest, char *source, int size) {
	int i=0;
	char *ptr=source;
	i=0;
	while(isspace(*ptr) && i < size) {
		ptr++;
		i++;
	}
	strncpy(dest,ptr,size);
	for(i=strlen(dest)-1; i> 0; i--) {
		if (!isspace(dest[i])) break;
	}
	dest[i+1]='\0';
	return dest;
}
/* Process line from CATEGORYFILE. 
   Remove white space and set name do data before the "=" and sename to data
   after it */
static int process_category(char *buffer, cat_t **cat) {
	char name[BUFSIZ];
	char name1[BUFSIZ];
	int namesize=sizeof(name);
	struct cat *next;
	char *ptr;
	char *tok=strtok_r(buffer,"=",&ptr);
	if (!tok) return 0;
	strncpy(name1,tok, BUFSIZ-1);
	strtrim(name,name1,namesize-1);
	if ( name[0]=='#' ) return 0;
	tok=strtok_r(NULL,"\0",&ptr);
	if (!tok) return 0;
	while (isspace(*tok)) tok++;
	next=(cat_t *) calloc(sizeof(cat_t), 1);
	if (!next) return 0;
	next->level.name=strdup(name);
	if (!next->level.name) {
		free(next);
		return 0;
	}
	strncpy(name1,tok, BUFSIZ-1);
	strtrim(name,name1,namesize-1);
	next->level.sename=strdup(name);
	if (!next->level.sename) {
		free(next->level.name);
		free(next);
		return 0;
	}
	*cat=next;
	return 1;
}

/* Read in CATEGORYFILE Only runs once per process.  
   Might want to change to some kind of reload eventually, for long running
   processes.
 */
int init_context_translations() {
	FILE *cfg;
	cat_t *ptr=NULL;
	cat_t *next=NULL;
	size_t size=0;
	char *buffer=NULL;
	int ctr=0;
	if (catlist) return 0;
	cfg = fopen(CATEGORYFILE,"r");
	if (cfg == NULL) 
		return 1;

	ptr=catlist=calloc(1,sizeof(cat_t));
	while (getline(&buffer, &size, cfg) > 0) {
		if (process_category(buffer, &next)) {
			ctr++;
			ptr->next=next;
			ptr=next;
		}
	}
	if (buffer)
		free(buffer);
	return 0;
}

/* Look for selevel via internal name */
static char *translate(const char *cat) {
	cat_t *ptr=NULL;
	if (catlist) 
		for (ptr=catlist->next;ptr; ptr=ptr->next) 
			if (strcmp(cat,ptr->level.name)==0) 
				return strdup(ptr->level.sename); 
	return strdup(cat);
}

/* Look for selevel via external name */
static char *untranslate(const char *sename) {
	cat_t *ptr=NULL;
	if (catlist) 
		for(ptr=catlist->next;ptr; ptr=ptr->next)
			if (strcmp(sename,ptr->level.sename)==0) 
				return strdup(ptr->level.name); 
	return strdup(sename);
}

/* Look for selevel via external name */
int translate_context( const security_context_t oldcon, security_context_t *rcon) {
	const char *range=NULL;
	char *newrange=NULL;
	const char *ptr=NULL;
	context_t con=context_new(oldcon);

	if (! con)
		return -1;

	range=context_range_get(con);
	if (range) {
		if(strcmp(range,"s0") == 0 ) {
			context_range_set(con,NULL);
		}
		else 
		{
			ptr=strrchr(range,':');
			if (ptr) 
				ptr++;
			else
				ptr=range;
			newrange=translate(ptr);
			if (newrange) {
				context_range_set(con,newrange);
			}
		}
	}
	*rcon=strdup(context_str(con));
	context_free(con);
	return 0;
}

/* Look for selevel via external name */
int untranslate_context( const security_context_t oldcon, security_context_t *rcon) {
	const char *range=NULL;
	char *newrange=NULL;
	context_t con=context_new(oldcon);

	if (! con)
		return -1;

	range=context_range_get(con);
	if (range) {
		newrange=untranslate(range);
		if (newrange) {
			context_range_set(con,newrange);
		}
	}
	*rcon=strdup(context_str(con));
	context_free(con);
	return 0;
}

Re: libselinux category patch

[Stephen Smalley]

On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
> libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 
> 
> One eliminate MLS from the checking.  No reason why this has to be MLS 
> specific.
> Change mlstrans.c to trans.c.  See above.
> Allow context functions to handle null range.
>     In MCS I want to translate X:Y:Z:s0 to X:Y:Z, That way we can 
> introduce MCS policy to targeted without the user
> seeing any change.
> A couple of minor changes.
> 
> setrans.c is the library code
> 
> I am attaching the translation library code I am going to throw in for 
> MCS handling.  Basically translates
> c1=PatientRecord
> I have called the file /etc/secat.conf, tried to put it in 
> /etc/selinux/secat.conf, but suddenly lots of domains wanted to read 
> selinux_config_t files.

- Putting it directly under /etc makes it harder to protect differently
than any other top-level /etc file.  On the other hand, it is very much
like a passwd file lookup for mapping uids to usernames for e.g. ls, ps,
and friends.
- Placing it outside of /etc/selinux makes sense if it is not considered
part of the SELinux policy, and is consistent with the ultimate goal of
being able to manage it via LDAP or similar means.  But it does raise
the question of what owns this file, and how it gets set up initially,
e.g. one might want different default for MCS vs. MLS.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Darrel Goeddel]

Stephen Smalley wrote:
> On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
>>I am attaching the translation library code I am going to throw in for 
>>MCS handling.  Basically translates
>>c1=PatientRecord
>>I have called the file /etc/secat.conf, tried to put it in 
>>/etc/selinux/secat.conf, but suddenly lots of domains wanted to read 
>>selinux_config_t files.
> 
> - Putting it directly under /etc makes it harder to protect differently
> than any other top-level /etc file.  On the other hand, it is very much
> like a passwd file lookup for mapping uids to usernames for e.g. ls, ps,
> and friends.
> - Placing it outside of /etc/selinux makes sense if it is not considered
> part of the SELinux policy, and is consistent with the ultimate goal of
> being able to manage it via LDAP or similar means.  But it does raise
> the question of what owns this file, and how it gets set up initially,
> e.g. one might want different default for MCS vs. MLS.
> 

We (TCS) are including the label translation files under /etc/selinux
(protected at system high as selinux_config_t) because we view this as part of
the SELinux configuration.  This works for us because we have a daemon which is
the single user of this file other than the security admin.  Our libsetrans is
simply a communication library to the daemon.  If the file is read directly by
users of libselinux, it needs to be protected in such a way that everyone who
can make a call into libselinux can read the file.  Note that we have a similar
issue regarding users of libselinux - they must be able to contact the daemon.
We have created a policy macro for things that use our daemon via libselinux.
Perhaps we should introduce an attribute that identifies users of libselinux.
This attribute can then be used to grant read access to the config file in
RedHat's case and access to the daemon in our case.
Any thoughts on that?  Maybe 'privsetrans'?

-- 

Darrel

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Wed, 2005-08-24 at 09:19 -0500, Darrel Goeddel wrote:
> We (TCS) are including the label translation files under /etc/selinux
> (protected at system high as selinux_config_t) because we view this as part of
> the SELinux configuration.

Ok, but what happens when this mapping (plus the Linux user->{SELinux
user, allowed category set} mapping) gets pushed into an LDAP directory?
One of the points of separating it from the policy is so that you can
ship a single relatively static policy and local admins can manage their
site-specific settings without touching the policy proper, iirc.

>   This works for us because we have a daemon which is
> the single user of this file other than the security admin.  Our libsetrans is
> simply a communication library to the daemon.  If the file is read directly by
> users of libselinux, it needs to be protected in such a way that everyone who
> can make a call into libselinux can read the file.  Note that we have a similar
> issue regarding users of libselinux - they must be able to contact the daemon.
> We have created a policy macro for things that use our daemon via libselinux.
> Perhaps we should introduce an attribute that identifies users of libselinux.
> This attribute can then be used to grant read access to the config file in
> RedHat's case and access to the daemon in our case.
> Any thoughts on that?  Maybe 'privsetrans'?

Explicit macro interfaces are preferable, e.g.
uses_libselinux(name_of_domain).  But a point to note here is that
different users of libselinux have different permission requirements,
e.g. some only need to use interfaces like getfilecon/getcon and do not
need access to the policy files (other than the translation mapping) or
selinuxfs.  There are already macros for things like can_getcon and
can_getsecurity, so possibly we want specific macros along those lines
rather than a generic uses_libselinux.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Joshua Brindle]

Daniel J Walsh wrote:

>	range=context_range_get(con);
>	if (range) {
>		if(strcmp(range,"s0") == 0 ) {
>			context_range_set(con,NULL);
>		}
>		else 
>		{
>			ptr=strrchr(range,':');
>  
>
Why is s0 hardcoded here? s0 should be part of the context to be 
translated, if you don't want the users to see it whatever tool to edit 
the mappings should hide it, not libselinux.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Daniel J Walsh]

Joshua Brindle wrote:

> Daniel J Walsh wrote:
>
>>     range=context_range_get(con);
>>     if (range) {
>>         if(strcmp(range,"s0") == 0 ) {
>>             context_range_set(con,NULL);
>>         }
>>         else         {
>>             ptr=strrchr(range,':');
>>  
>>
> Why is s0 hardcoded here? s0 should be part of the context to be 
> translated, if you don't want the users to see it whatever tool to 
> edit the mappings should hide it, not libselinux.

This code is not part of libselinux,  it is a library that SELinux calls 
out to that will be specific to the vendor that ships it.
I see this library being different between our version of MCS/MLS and 
other third party versions of MLS, IE one that translates using the 
Mitre Libraries.

MCS version of libtrans.so translates s0->"".

MLS policy can do what ever it wants with this part of the range.


-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Tue, 2005-08-23 at 10:18 -0400, Daniel J Walsh wrote:
> This code is not part of libselinux,  it is a library that SELinux calls 
> out to that will be specific to the vendor that ships it.
> I see this library being different between our version of MCS/MLS and 
> other third party versions of MLS, IE one that translates using the 
> Mitre Libraries.
> 
> MCS version of libtrans.so translates s0->"".
> 
> MLS policy can do what ever it wants with this part of the range.

While it is true that systems with a real MLS policy will likely have
their own libsetrans implementation, I think it would make sense to have
your default libsetrans implementation at least provide a way to map
sensitivity names as well as category names via the config file,
including a way to specify that they should just be dropped (e.g.
s0="").  Whether or not you should further allow mapping of entire
combinations, like s0:c0,c127=puritycontrol, via the config in your
default libsetrans implementation is more open to debate.

Also, how do you intend to deal with multiple libsetrans
implementations?  Symlink to the real translation library?  Managed via
the alternatives system?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Daniel J Walsh]

Stephen Smalley wrote:

>On Tue, 2005-08-23 at 10:18 -0400, Daniel J Walsh wrote:
>  
>
>>This code is not part of libselinux,  it is a library that SELinux calls 
>>out to that will be specific to the vendor that ships it.
>>I see this library being different between our version of MCS/MLS and 
>>other third party versions of MLS, IE one that translates using the 
>>Mitre Libraries.
>>
>>MCS version of libtrans.so translates s0->"".
>>
>>MLS policy can do what ever it wants with this part of the range.
>>    
>>
>
>While it is true that systems with a real MLS policy will likely have
>their own libsetrans implementation, I think it would make sense to have
>your default libsetrans implementation at least provide a way to map
>sensitivity names as well as category names via the config file,
>including a way to specify that they should just be dropped (e.g.
>s0="").  Whether or not you should further allow mapping of entire
>combinations, like s0:c0,c127=puritycontrol, via the config in your
>default libsetrans implementation is more open to debate.
>  
>
I was thinking of issue of the multiple translations and how to do 
SystemHigh also.  Currently I am just truncating off
the s0: and asking for a translation of the remainder.  So c0,c127 would 
translate to puritycontrol.   
Translating s0="" Would give me better flexibility though, so I guess I 
can adopt it.  I was considering allowing users to specify multiple 
Categories on a file and then translating it, but it probably would be 
better to force the user to specify a name for multiple categories.

c1,c5,c7=CompanyConfidential_CokeSecretRecipe_PrintOnly


>Also, how do you intend to deal with multiple libsetrans
>implementations?  Symlink to the real translation library?  Managed via
>the alternatives system?
>
>  
>
I was thinking conflicting rpm packages.  So You can not install MCS and 
MLS translation libaries at the same time.

-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Tue, 2005-08-23 at 11:11 -0400, Daniel J Walsh wrote:
> I was thinking of issue of the multiple translations and how to do 
> SystemHigh also.  Currently I am just truncating off
> the s0: and asking for a translation of the remainder.

Seems like you want to able to support mapping particular combinations
(c0.c127=purity_control) as well as individual components
(c42=cassandra_spender), possibly falling through to individual
component translation if there is no mapping for the complete
combination.  Otherwise, you have to specify all possible combinations,
right?

> I was thinking conflicting rpm packages.  So You can not install MCS and 
> MLS translation libaries at the same time.

Hmmm...I recall that you didn't want to take that approach for multiple
policies, but in that case, you were providing multiple policies in the
distribution itself.  As long as you don't think you will ever need to
support multiple translation libraries in the base distribution, then
conflicting packages may be ok.  Darrel, what do you think?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Darrel Goeddel]

Stephen Smalley wrote:
>>I was thinking conflicting rpm packages.  So You can not install MCS and 
>>MLS translation libaries at the same time.
> 
> 
> Hmmm...I recall that you didn't want to take that approach for multiple
> policies, but in that case, you were providing multiple policies in the
> distribution itself.  As long as you don't think you will ever need to
> support multiple translation libraries in the base distribution, then
> conflicting packages may be ok.  Darrel, what do you think?

I personally like just managing the symlink /lib/libsetrans.so.0 to point
to whatever translation lib should be used.  This allows for multiple
variations to be installed.  As pointed out earlier, the alternatives
system could be used here.  There should be no need to have more than one
translation scheme installed on a running system, but it may prove easier
to allow for that case.  I think the question comes down to what is easier
for installing a system such as RHEL that may support multiple schemes 
such as MCS and MLS.  Installing multiple policy types and switching between
them is a nice feature.  If the policies would want differing translation
schemes, I think it should be just as easy to switch - no rpm removal and 
installation.

-- 

Darrel

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Joshua Brindle]

Darrel Goeddel wrote:

> Stephen Smalley wrote:
>
>>> I was thinking conflicting rpm packages.  So You can not install MCS 
>>> and MLS translation libaries at the same time.
>>
>>
>>
>> Hmmm...I recall that you didn't want to take that approach for multiple
>> policies, but in that case, you were providing multiple policies in the
>> distribution itself.  As long as you don't think you will ever need to
>> support multiple translation libraries in the base distribution, then
>> conflicting packages may be ok.  Darrel, what do you think?
>
>
> I personally like just managing the symlink /lib/libsetrans.so.0 to point
> to whatever translation lib should be used.  This allows for multiple
> variations to be installed.  As pointed out earlier, the alternatives
> system could be used here.  There should be no need to have more than one
> translation scheme installed on a running system, but it may prove easier
> to allow for that case.  I think the question comes down to what is 
> easier
> for installing a system such as RHEL that may support multiple schemes 
> such as MCS and MLS.  Installing multiple policy types and switching 
> between
> them is a nice feature.  If the policies would want differing translation
> schemes, I think it should be just as easy to switch - no rpm removal 
> and installation.
>
I don't know, it seems like you will potentially have a different 
translation lib for different policies. The policy knows which it wants 
(MCS knows it'll want libsetrans-mls.so or whatever). If you have an MCS 
and an MLS policy on the same system part of the conversion shouldn't be 
changing a symlink, that is fairly hacky. This sounds like a per policy 
configuration to me. That way custom translation libs can be installed 
with the policy and the policy will use it by default.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
> libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 

Do we truly need to allow whitespace in the (translated) MLS field?
That change to context_new originated in the TCS patch, but I'd prefer
to avoid it if possible.
  
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Daniel J Walsh]

Stephen Smalley wrote:

>On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
>  
>
>>libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 
>>    
>>
>
>Do we truly need to allow whitespace in the (translated) MLS field?
>That change to context_new originated in the TCS patch, but I'd prefer
>to avoid it if possible.
>  
>  
>
I have no problem with not allowing spaces in translated name.  We could 
come up with a third field, in the translation, Printable Name or some 
such, but that could come later...

-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Tue, 2005-08-23 at 11:02 -0400, Daniel J Walsh wrote:
> Stephen Smalley wrote:
> 
> >On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
> >  
> >
> >>libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 
> >>    
> >>
> >
> >Do we truly need to allow whitespace in the (translated) MLS field?
> >That change to context_new originated in the TCS patch, but I'd prefer
> >to avoid it if possible.
> >  
> >  
> >
> I have no problem with not allowing spaces in translated name.  We could 
> come up with a third field, in the translation, Printable Name or some 
> such, but that could come later...

I'm just concerned about parsing code having to distinguish normal
whitespace field separators (e.g. in ps or ls output) from internal
separators within a label.  If we allow whitespace within the context,
we essentially have to start printing them all as quoted strings in all
the utilities, as well as passing them that way as arguments.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Darrel Goeddel]

Stephen Smalley wrote:
> On Tue, 2005-08-23 at 11:02 -0400, Daniel J Walsh wrote:
>>>Do we truly need to allow whitespace in the (translated) MLS field?
>>>That change to context_new originated in the TCS patch, but I'd prefer
>>>to avoid it if possible.
>>> 
>>
>>I have no problem with not allowing spaces in translated name.  We could 
>>come up with a third field, in the translation, Printable Name or some 
>>such, but that could come later...
> 
> I'm just concerned about parsing code having to distinguish normal
> whitespace field separators (e.g. in ps or ls output) from internal
> separators within a label.  If we allow whitespace within the context,
> we essentially have to start printing them all as quoted strings in all
> the utilities, as well as passing them that way as arguments.

Our MITRE based translator really like the whitespace...  I agree that the
whitespace is a pain, but we have been using this for quite a while and have
not run into problems with any utilities that I am aware of.  My biggest gripe
is having to quote arguments to commands when a context has whitespace...
How about we allow for it, and let those who choose to use whitespace
(unfortunately our translation scheme) deal with the repercussions :)

-- 

Darrel

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Wed, 2005-08-24 at 09:48 -0500, Darrel Goeddel wrote:
> Our MITRE based translator really like the whitespace...  I agree that the
> whitespace is a pain, but we have been using this for quite a while and have
> not run into problems with any utilities that I am aware of.  My biggest gripe
> is having to quote arguments to commands when a context has whitespace...
> How about we allow for it, and let those who choose to use whitespace
> (unfortunately our translation scheme) deal with the repercussions :)

I'm still concerned about the implications for utilities that display
the contexts, and particularly for any scripts that filter output of
such utilities and expect to be able to extract context fields.  It
seems like we'd need to quote the context strings in the output always
to ensure that scripts won't break when someone switches from the
default libsetrans to the MITRE-based one.

Alternatively, your MITRE-based translator could wrap the MITRE
translation with a converter to eliminate whitespace (dropping it or
replacing it with e.g. underscores), so that libselinux and the
utilities (and users) would never have to deal with them.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
> libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 

When I read through the patch, it looked sane.  But a quick trial of ls
-Z / showed a definite issue with no libsetrans in place.  It generates
garbage as soon as it hits a directory that doesn't support extended
attributes.

This appears to reflect both a problem in the patch and a problem in ls.
As far as the patch goes, when there is no libsetrans, the wrapper
functions (e.g. getfilecon) are always setting *context to rcontext even
if the raw function returned an error.  I think we need to qualify the
else clauses in the wrapper functions with if (ret > 0) as well so that
we do not set *context to garbage when an error is encountered by the
raw function.  I can make that change.

As far as ls goes, it is presently not checking the return value of
getfilecon/lgetfilecon; it just initializes the f->scontext pointers to
NULL a priori and then passes them to getfilecon/lgetfilecon, assuming
that they won't disturb them (or at least will reset them to NULL) upon
any errors.  It then checks for NULL at display time.  That worked prior
to the patch because the original function wouldn't set *context at all
upon errors, but was broken by the patch when there was no libsetrans.
It would be more robust to have ls check the return value and reset
f->scontext to NULL upon any errors.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Tue, 2005-08-23 at 12:52 -0400, Stephen Smalley wrote:
> This appears to reflect both a problem in the patch and a problem in ls.
> As far as the patch goes, when there is no libsetrans, the wrapper
> functions (e.g. getfilecon) are always setting *context to rcontext even
> if the raw function returned an error.  I think we need to qualify the
> else clauses in the wrapper functions with if (ret > 0) as well so that
> we do not set *context to garbage when an error is encountered by the
> raw function.  I can make that change.

This patch relative to the translation patch fixes the wrapper functions
to not set the context pointers when the raw functions return an error.
This fixes the problem with ls -Z displaying garbage when it encounters
a file or directory with no extended attribute value.

I did notice one other issue with the translation patch that is not
resolved by this one (in fact, this one propagates the same behavior to
the !context_translations case).  If getxattr returns a length of zero
(shouldn't ever happen for the selinux attribute, but the interface
allows for it), then the old getfilecon function would have set the
context pointer to an empty buffer (containing only NULs) and returned
zero as well.  The wrapper functions don't presently set the context
pointer at all in this case.  Possibly we just shouldn't allow it to
happen, i.e. return an error from the raw functions if we ever get a
zero length from getxattr?

Index: libselinux/src/compute_create.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/compute_create.c,v
retrieving revision 1.12
diff -u -p -r1.12 compute_create.c
--- libselinux/src/compute_create.c	23 Aug 2005 16:46:40 -0000	1.12
+++ libselinux/src/compute_create.c	23 Aug 2005 16:52:12 -0000
@@ -87,7 +87,7 @@ int security_compute_create(security_con
 			}
 			freecon(rnewcon);
 		}
-	} else
+	} else if (!ret)
 		*newcon = rnewcon;
 
 	return ret;
Index: libselinux/src/compute_member.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/compute_member.c,v
retrieving revision 1.2
diff -u -p -r1.2 compute_member.c
--- libselinux/src/compute_member.c	23 Aug 2005 16:46:40 -0000	1.2
+++ libselinux/src/compute_member.c	23 Aug 2005 16:52:25 -0000
@@ -86,7 +86,7 @@ int security_compute_member(security_con
 			}
 			freecon(rnewcon);
 		}
-	} else
+	} else if (!ret)
 		*newcon = rnewcon;
 
 	return ret;
Index: libselinux/src/compute_relabel.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/compute_relabel.c,v
retrieving revision 1.11
diff -u -p -r1.11 compute_relabel.c
--- libselinux/src/compute_relabel.c	23 Aug 2005 16:46:40 -0000	1.11
+++ libselinux/src/compute_relabel.c	23 Aug 2005 16:52:35 -0000
@@ -86,7 +86,7 @@ int security_compute_relabel(security_co
 			}
 			freecon(rnewcon);
 		}
-	} else
+	} else if (!ret)
 		*newcon = rnewcon;
 
 	return ret;
Index: libselinux/src/fgetfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/fgetfilecon.c,v
retrieving revision 1.7
diff -u -p -r1.7 fgetfilecon.c
--- libselinux/src/fgetfilecon.c	23 Aug 2005 16:46:40 -0000	1.7
+++ libselinux/src/fgetfilecon.c	23 Aug 2005 16:55:06 -0000
@@ -57,7 +57,7 @@ int fgetfilecon(int fd, security_context
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (ret > 0)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getcon.c,v
retrieving revision 1.8
diff -u -p -r1.8 getcon.c
--- libselinux/src/getcon.c	23 Aug 2005 16:46:40 -0000	1.8
+++ libselinux/src/getcon.c	23 Aug 2005 16:54:09 -0000
@@ -57,7 +57,7 @@ int getcon(security_context_t *context)
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (!ret)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getexeccon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getexeccon.c,v
retrieving revision 1.6
diff -u -p -r1.6 getexeccon.c
--- libselinux/src/getexeccon.c	23 Aug 2005 16:46:40 -0000	1.6
+++ libselinux/src/getexeccon.c	23 Aug 2005 16:54:22 -0000
@@ -61,7 +61,7 @@ int getexeccon(security_context_t *conte
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (!ret)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getfilecon.c,v
retrieving revision 1.8
diff -u -p -r1.8 getfilecon.c
--- libselinux/src/getfilecon.c	23 Aug 2005 16:46:40 -0000	1.8
+++ libselinux/src/getfilecon.c	23 Aug 2005 16:54:53 -0000
@@ -58,7 +58,7 @@ int getfilecon(const char *path, securit
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (ret > 0)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getfscreatecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getfscreatecon.c,v
retrieving revision 1.6
diff -u -p -r1.6 getfscreatecon.c
--- libselinux/src/getfscreatecon.c	23 Aug 2005 16:46:41 -0000	1.6
+++ libselinux/src/getfscreatecon.c	23 Aug 2005 16:55:19 -0000
@@ -61,7 +61,7 @@ int getfscreatecon(security_context_t *c
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (!ret)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getpeercon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getpeercon.c,v
retrieving revision 1.3
diff -u -p -r1.3 getpeercon.c
--- libselinux/src/getpeercon.c	23 Aug 2005 16:46:41 -0000	1.3
+++ libselinux/src/getpeercon.c	23 Aug 2005 16:55:29 -0000
@@ -56,7 +56,7 @@ int getpeercon(int fd, security_context_
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (!ret)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getpidcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getpidcon.c,v
retrieving revision 1.5
diff -u -p -r1.5 getpidcon.c
--- libselinux/src/getpidcon.c	23 Aug 2005 16:46:41 -0000	1.5
+++ libselinux/src/getpidcon.c	23 Aug 2005 16:55:41 -0000
@@ -60,7 +60,7 @@ int getpidcon(pid_t pid, security_contex
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (!ret)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/getprevcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getprevcon.c,v
retrieving revision 1.6
diff -u -p -r1.6 getprevcon.c
--- libselinux/src/getprevcon.c	23 Aug 2005 16:46:41 -0000	1.6
+++ libselinux/src/getprevcon.c	23 Aug 2005 16:55:56 -0000
@@ -57,7 +57,7 @@ int getprevcon(security_context_t *conte
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (!ret)
 		*context = rcontext;
 
 	return ret;
Index: libselinux/src/lgetfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/lgetfilecon.c,v
retrieving revision 1.7
diff -u -p -r1.7 lgetfilecon.c
--- libselinux/src/lgetfilecon.c	23 Aug 2005 16:46:41 -0000	1.7
+++ libselinux/src/lgetfilecon.c	23 Aug 2005 16:50:53 -0000
@@ -57,7 +57,7 @@ int lgetfilecon(const char *path, securi
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else
+	} else if (ret > 0)
 		*context = rcontext;
 
 	return ret;

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Tue, 2005-08-23 at 13:21 -0400, Stephen Smalley wrote:
> On Tue, 2005-08-23 at 12:52 -0400, Stephen Smalley wrote:
> > This appears to reflect both a problem in the patch and a problem in ls.
> > As far as the patch goes, when there is no libsetrans, the wrapper
> > functions (e.g. getfilecon) are always setting *context to rcontext even
> > if the raw function returned an error.  I think we need to qualify the
> > else clauses in the wrapper functions with if (ret > 0) as well so that
> > we do not set *context to garbage when an error is encountered by the
> > raw function.  I can make that change.
> 
> This patch relative to the translation patch fixes the wrapper functions
> to not set the context pointers when the raw functions return an error.
> This fixes the problem with ls -Z displaying garbage when it encounters
> a file or directory with no extended attribute value.

I've committed the libselinux translation support (including my fix
patch).  This is only the libselinux support; there is no libsetrans in
our tree presently (and likely shouldn't be).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Tue, 2005-08-23 at 14:03 -0400, Stephen Smalley wrote:
> I've committed the libselinux translation support (including my fix
> patch).  This is only the libselinux support; there is no libsetrans in
> our tree presently (and likely shouldn't be).

Note btw that you also need the procps patch posted by Chad Hanson on
Aug 15th if you want ps to display the translated names.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 108 bytes --]

I still want at least the set_comp diff to allow me to set level to 
NULL, so it does not show up.



-- 



[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 6518 bytes --]

diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.25.3/src/compute_relabel.c
--- nsalibselinux/src/compute_relabel.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/compute_relabel.c	2005-08-24 09:13:57.000000000 -0400
@@ -20,6 +20,7 @@
 	size_t size;
 	int fd, ret;
 
+	*newcon=NULL;
 	snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
 	fd = open(path, O_RDWR);
 	if (fd < 0)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.25.3/src/compute_user.c
--- nsalibselinux/src/compute_user.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/compute_user.c	2005-08-24 09:13:57.000000000 -0400
@@ -21,6 +21,7 @@
 	int fd, ret;
 	unsigned int i, nel;
 
+	*con = NULL;
 	snprintf(path, sizeof path, "%s/user", selinux_mnt);
 	fd = open(path, O_RDWR);
 	if (fd < 0)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/context.c libselinux-1.25.3/src/context.c
--- nsalibselinux/src/context.c	2005-08-22 16:37:00.000000000 -0400
+++ libselinux-1.25.3/src/context.c	2005-08-24 09:13:57.000000000 -0400
@@ -137,19 +137,23 @@
 
 static int set_comp(context_private_t* n,int index, const char *str)
 {
-        char *t = (char*) malloc(strlen(str)+1);
+        char *t = NULL;
         const char *p;
-        if ( !t ) { return 1; }
-        for ( p = str; *p; p++ ) {
-                if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' ||
-                     (*p == ':' && index != COMP_RANGE) ) {
-                        free(t);
-                        return 1;
-                }
-        }
-        conditional_free(&n->component[index]);
+	if (str) {
+		t=(char*) malloc(strlen(str)+1);
+		if ( !t ) { return 1; }
+		for ( p = str; *p; p++ ) {
+			if ( *p == '\t' || *p == '\n' || *p == '\r' ||
+			     ((*p == ':' || *p == ' ') && index != COMP_RANGE) ) {
+				free(t);
+				return 1;
+			}
+		}
+	}
+	conditional_free(&n->component[index]);
+	if (str)
+		strcpy(t,str);
         n->component[index] = t;
-        strcpy(t,str);
         return 0;
 }
 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.25.3/src/fgetfilecon.c
--- nsalibselinux/src/fgetfilecon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/fgetfilecon.c	2005-08-24 09:13:57.000000000 -0400
@@ -13,6 +13,7 @@
 	ssize_t size;
 	ssize_t ret;
 
+	*context = NULL;
 	size = INITCONTEXTLEN+1;
 	buf = malloc(size);
 	if (!buf) 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.25.3/src/getcon.c
--- nsalibselinux/src/getcon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getcon.c	2005-08-24 09:13:57.000000000 -0400
@@ -14,6 +14,7 @@
 	int fd;
 	ssize_t ret;
 
+	*context=NULL;
 	fd = open("/proc/self/attr/current", O_RDONLY);
 	if (fd < 0)
 		return -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.25.3/src/getexeccon.c
--- nsalibselinux/src/getexeccon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getexeccon.c	2005-08-24 09:13:57.000000000 -0400
@@ -14,6 +14,7 @@
 	int fd;
 	ssize_t ret;
 
+	*context = NULL;
 	fd = open("/proc/self/attr/exec", O_RDONLY);
 	if (fd < 0)
 		return -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.25.3/src/getfilecon.c
--- nsalibselinux/src/getfilecon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getfilecon.c	2005-08-24 09:15:03.000000000 -0400
@@ -13,6 +13,7 @@
 	ssize_t size;
 	ssize_t ret;
 
+ 	*context = NULL;
 	size = INITCONTEXTLEN+1;
 	buf = malloc(size);
 	if (!buf) 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.25.3/src/getfscreatecon.c
--- nsalibselinux/src/getfscreatecon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getfscreatecon.c	2005-08-24 09:13:57.000000000 -0400
@@ -14,6 +14,7 @@
 	int fd;
 	ssize_t ret;
 
+	*context = NULL;
 	fd = open("/proc/self/attr/fscreate", O_RDONLY);
 	if (fd < 0)
 		return -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.25.3/src/getpeercon.c
--- nsalibselinux/src/getpeercon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getpeercon.c	2005-08-24 09:13:57.000000000 -0400
@@ -17,6 +17,7 @@
 	socklen_t size;
 	ssize_t ret;
 
+	*context = NULL;
 	size = INITCONTEXTLEN+1;
 	buf = malloc(size);
 	if (!buf) 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.25.3/src/getpidcon.c
--- nsalibselinux/src/getpidcon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getpidcon.c	2005-08-24 09:13:57.000000000 -0400
@@ -16,6 +16,7 @@
 	int fd;
 	ssize_t ret;
 
+	*context = NULL;
 	snprintf(path, sizeof path, "/proc/%d/attr/current", pid);
 
 	fd = open(path, O_RDONLY);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.25.3/src/getprevcon.c
--- nsalibselinux/src/getprevcon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/getprevcon.c	2005-08-24 09:13:57.000000000 -0400
@@ -14,6 +14,7 @@
 	int fd;
 	ssize_t ret;
 
+	*context = NULL;
 	fd = open("/proc/self/attr/prev", O_RDONLY);
 	if (fd < 0)
 		return -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.25.3/src/lgetfilecon.c
--- nsalibselinux/src/lgetfilecon.c	2005-08-24 09:07:11.000000000 -0400
+++ libselinux-1.25.3/src/lgetfilecon.c	2005-08-24 09:13:57.000000000 -0400
@@ -13,6 +13,7 @@
 	ssize_t size;
 	ssize_t ret;
 
+	*context = NULL;
 	size = INITCONTEXTLEN+1;
 	buf = malloc(size);
 	if (!buf) 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.25.3/src/trans.c
--- nsalibselinux/src/trans.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.25.3/src/trans.c	2005-08-24 09:13:57.000000000 -0400
@@ -6,8 +6,8 @@
 
 int trans_to_raw_context(char *raw, char **transp)
 {
+	*transp = NULL;
 	if (!raw) {
-		*transp = NULL;
 		return 0;
 	}
 
@@ -19,8 +19,8 @@
 
 int raw_to_trans_context(char *trans, char **rawp)
 {
+	*rawp = NULL;
 	if (!trans) {
-		*rawp = NULL;
 		return 0;
 	}
 
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getfilecon.c libselinux-1.25.3/utils/getfilecon.c
--- nsalibselinux/utils/getfilecon.c	2005-01-20 16:05:24.000000000 -0500
+++ libselinux-1.25.3/utils/getfilecon.c	2005-08-24 09:13:57.000000000 -0400
@@ -21,6 +21,9 @@
 		}
 		printf("%s\t%s\n", argv[i], buf);
 		freecon(buf);
+		rc = getfilecon_raw(argv[i], &buf);
+		printf("%s\t%s\n", argv[i], buf);
+		freecon(buf);
 	}
 	exit(0);
 }

Re: libselinux category patch

[Stephen Smalley]

On Wed, 2005-08-24 at 09:27 -0400, Daniel J Walsh wrote:
> I still want at least the set_comp diff to allow me to set level to 
> NULL, so it does not show up.

Hmm...I dropped the set_comp diff entirely from the original patch
because I didn't want the change to allow whitespace in the context, as
per our earlier discussion on the list.  I didn't notice that you were
also changing it to allow NULL.  Potential issue there is that your
change would allow setting a NULL for any field, whereas context_str
won't handle a NULL gracefully in any field other than the last.

With regard to clearing the context pointers on entry to the raw
functions, I don't see why it is necessary given my earlier patch.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Daniel J Walsh]

Stephen Smalley wrote:

>On Wed, 2005-08-24 at 09:27 -0400, Daniel J Walsh wrote:
>  
>
>>I still want at least the set_comp diff to allow me to set level to 
>>NULL, so it does not show up.
>>    
>>
>
>Hmm...I dropped the set_comp diff entirely from the original patch
>because I didn't want the change to allow whitespace in the context, as
>per our earlier discussion on the list.  I didn't notice that you were
>also changing it to allow NULL.  Potential issue there is that your
>change would allow setting a NULL for any field, whereas context_str
>won't handle a NULL gracefully in any field other than the last.
>
>  
>
Which is too bad since object_r is totally useless in ls output :^).    
Well we can either make sure it is that last field or not allow it.  As 
I play with MCS, I am not sure whether we want this info or not, my 
problem with this field and object_r is that they give no info and take 
up a lot of screen space.  (Although, probably an Engineer problem and 
not a real world problem.)

>With regard to clearing the context pointers on entry to the raw
>functions, I don't see why it is necessary given my earlier patch.
>
>  
>
Ok, you can forget about them.

-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Ok I plead ignorance to the way MLS works.

[Daniel J Walsh]

Playing around with MCS, I see the following problems.

Should the initialsid of kernel be

sid kernel     system_u:system_r:kernel_t:s0:c0.c127
or
sid kernel     system_u:system_r:kernel_t:s0 - s0:c0.c127

I would like all the daemon processes in the system to run as "s0", Ie 
by default not have access to any labeled
data.  How do I do this?   Am I supposed to use something like:
range_transition initrc_t httpd_exec_t s0 - s0;

Trying to use this is giving me a compilation error.



-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Ok I plead ignorance to the way MLS works.

[Darrel Goeddel]

Daniel J Walsh wrote:
> Playing around with MCS, I see the following problems.
> 
> Should the initialsid of kernel be
> 
> sid kernel     system_u:system_r:kernel_t:s0:c0.c127
> or
> sid kernel     system_u:system_r:kernel_t:s0 - s0:c0.c127
> 
> I would like all the daemon processes in the system to run as "s0", Ie 
> by default not have access to any labeled
> data.  How do I do this?   Am I supposed to use something like:
> range_transition initrc_t httpd_exec_t s0 - s0;
> 
> Trying to use this is giving me a compilation error.

I think you would want to run the kernel would at s0:c0.c127.
Then, do a "range_transition kernel_t init_exec_t s0" to get the whole
of userspace started off with no categories present.  This is a change
from the range_transition that is ifdef'd currently for mls in kernel.te.
Are you going to have "ifdef mcs_policy" like the current
"ifdef mls_policy"?

I'm sure about the compilation error, I did a similar statement with a
toolchain that is are pre-modules - that worked.  I'm updating an FC4 box
now so I at least have something up-to-date.

-- 

Darrel

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Ok I plead ignorance to the way MLS works.

[Stephen Smalley]

On Wed, 2005-08-24 at 11:44 -0500, Darrel Goeddel wrote:
> I think you would want to run the kernel would at s0:c0.c127.
> Then, do a "range_transition kernel_t init_exec_t s0" to get the whole
> of userspace started off with no categories present.

Why not just have the kernel start out at s0 (no categories), and just
give its domain the necessary attributes to override MLS?  Then you
don't need to transition at all.  Otherwise, you also have to deal with
any other kernel-invoked helpers, e.g. hotplug.

> I'm sure about the compilation error, I did a similar statement with a
> toolchain that is are pre-modules - that worked.  I'm updating an FC4 box
> now so I at least have something up-to-date.

I just tried adding the range_transition listed by Dan to a policy.conf
and rebuilding with checkpolicy -M (latest cvs), and it worked for me.
But note that s0 - s0 is unnecessary; it is the same as just s0.  The
high level defaults to the low level if it isn't specified.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Ok I plead ignorance to the way MLS works.

[Daniel J Walsh]

Stephen Smalley wrote:

>On Wed, 2005-08-24 at 11:44 -0500, Darrel Goeddel wrote:
>  
>
>>I think you would want to run the kernel would at s0:c0.c127.
>>Then, do a "range_transition kernel_t init_exec_t s0" to get the whole
>>of userspace started off with no categories present.
>>    
>>
>
>Why not just have the kernel start out at s0 (no categories), and just
>give its domain the necessary attributes to override MLS?  Then you
>don't need to transition at all.  Otherwise, you also have to deal with
>any other kernel-invoked helpers, e.g. hotplug.
>
>  
>
Ok, I changed the kernel to s0, and now all domains run in s0.  Problem 
is I want root to login as
s0:c0.c127

I changed root default context file 
(/etc/selinux/targeted/contexts/users/root)  to

system_u:system_r:local_login_t:s0 system_r:unconfined_t:s0:c0.c127

But when I login I get

root:system_r:unconfined_t:s0

login is running as
system_u:system_r:local_login_t:s0 

Should it be running with a range?
Do I need to change login policy?
I see no errors...


>>I'm sure about the compilation error, I did a similar statement with a
>>toolchain that is are pre-modules - that worked.  I'm updating an FC4 box
>>now so I at least have something up-to-date.
>>    
>>
>
>I just tried adding the range_transition listed by Dan to a policy.conf
>and rebuilding with checkpolicy -M (latest cvs), and it worked for me.
>But note that s0 - s0 is unnecessary; it is the same as just s0.  The
>high level defaults to the low level if it isn't specified.
>
>  
>
Ok it was within a boolean block.


-- 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Ok I plead ignorance to the way MLS works.

[Stephen Smalley]

On Wed, 2005-08-24 at 13:27 -0400, Daniel J Walsh wrote:
> Ok, I changed the kernel to s0, and now all domains run in s0.  Problem 
> is I want root to login as
> s0:c0.c127
> 
> I changed root default context file 
> (/etc/selinux/targeted/contexts/users/root)  to
> 
> system_u:system_r:local_login_t:s0 system_r:unconfined_t:s0:c0.c127
> 
> But when I login I get
> 
> root:system_r:unconfined_t:s0
> 
> login is running as
> system_u:system_r:local_login_t:s0 
> 
> Should it be running with a range?
> Do I need to change login policy?
> I see no errors...

Hmmm...looks like you have to transition login to a range via a
range_transition rule on login_exec_t in order for the current MLS logic
to permit the user to login at a different level.

Also, I think you want root's default level to still be s0, but his
range to be s0-s0:c0.c127, so that his clearance will be set to that
value.  You want the current/low level to be s0 so that files he creates
default to no categories, but his high/clearance level to be his
authorized set of categories so that he is allowed by the MCS
constraints to set any of those categories on files he owns.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: Ok I plead ignorance to the way MLS works.

[James Morris]

On Wed, 24 Aug 2005, Daniel J Walsh wrote:

> Ok, I changed the kernel to s0, and now all domains run in s0.  Problem is I
> want root to login as
> s0:c0.c127
> 

This will cause all of the files created by root to be labeled with all 
categories.


- James
-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Stephen Smalley]

On Wed, 2005-08-24 at 09:27 -0400, Daniel J Walsh wrote:
> I still want at least the set_comp diff to allow me to set level to 
> NULL, so it does not show up.

How about this patch?  Changes set_comp to allow setting to NULL,
but doesn't allow whitespace in the context.  Also changes context_str
to be somewhat more general, but context_new is still not going to like
a context that lacks any field other than the level, and the kernel
won't take a partial one.

Index: libselinux/src/context.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/context.c,v
retrieving revision 1.10
diff -u -p -r1.10 context.c
--- libselinux/src/context.c	11 Aug 2005 13:58:28 -0000	1.10
+++ libselinux/src/context.c	24 Aug 2005 19:14:59 -0000
@@ -119,15 +119,15 @@ context_str(context_t context)
         }
         n->current_str = malloc(total);
         if ( n->current_str != 0 ) {
-                char *cp = stpcpy(n->current_str,n->component[0]);
-                *cp++ = ':';
-                cp = stpcpy(cp,n->component[1]);
-                *cp++ = ':';
-                cp = stpcpy(cp,n->component[2]);
-                if ( n->component[3] ) {
-                        *cp++ = ':';
-                        strcpy(cp,n->component[3]);
-                }
+                char *cp = n->current_str;
+
+		cp = stpcpy(cp, n->component[0]);
+		for (i = 1; i < 4; i++) {
+			if (n->component[i]) {
+				*cp++ = ':';
+				cp = stpcpy(cp, n->component[i]);
+			}
+		}
         }
         return n->current_str;
 }
@@ -137,19 +137,22 @@ hidden_def(context_str)
 
 static int set_comp(context_private_t* n,int index, const char *str)
 {
-        char *t = (char*) malloc(strlen(str)+1);
+	char *t = NULL;
         const char *p;
-        if ( !t ) { return 1; }
-        for ( p = str; *p; p++ ) {
-                if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' ||
-                     (*p == ':' && index != COMP_RANGE) ) {
-                        free(t);
-                        return 1;
-                }
-        }
+	if (str) {
+		t = (char*) malloc(strlen(str)+1);
+		if ( !t ) { return 1; }
+		for ( p = str; *p; p++ ) {
+			if ( *p == '\t' || *p == ' ' || *p == '\n' || *p == '\r' ||
+			     (*p == ':' && index != COMP_RANGE) ) {
+				free(t);
+				return 1;
+			}
+		}
+		strcpy(t,str);
+	}
         conditional_free(&n->component[index]);
         n->component[index] = t;
-        strcpy(t,str);
         return 0;
 }
 

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: libselinux category patch

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 64 bytes --]

Updated setrans.c to handle s0 and multiple categories. 

-- 



[-- Attachment #2: setrans.c --]
[-- Type: text/x-csrc, Size: 3876 bytes --]

#include <unistd.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include <selinux/selinux.h>
#include <selinux/context.h>

#define CATEGORYFILE "/etc/secat.conf"

/* Define data structures */
typedef struct selevel {
	char* name;
	char* sename;
} selevel_t;

/* catlist is a simple linked list of selevels extracted from the CATEGORYFILE */
typedef struct cat {
	struct cat *next;
	selevel_t level;
} cat_t;

static cat_t *catlist=NULL;

/* Remove excess white space */
static char *strtrim(char *dest, char *source, int size) {
	int i=0;
	char *ptr=source;
	i=0;
	while(isspace(*ptr) && i < size) {
		ptr++;
		i++;
	}
	strncpy(dest,ptr,size);
	for(i=strlen(dest)-1; i> 0; i--) {
		if (!isspace(dest[i])) break;
	}
	dest[i+1]='\0';
	return dest;
}
/* Process line from CATEGORYFILE. 
   Remove white space and set name do data before the "=" and sename to data
   after it */
static int process_category(char *buffer, cat_t **cat) {
	char name[BUFSIZ];
	char name1[BUFSIZ];
	int namesize=sizeof(name);
	struct cat *next;
	char *ptr;
	char *tok=strtok_r(buffer,"=",&ptr);
	if (!tok) return 0;
	strncpy(name1,tok, BUFSIZ-1);
	strtrim(name,name1,namesize-1);
	if ( name[0]=='#' ) return 0;
	tok=strtok_r(NULL,"\0",&ptr);
	if (!tok) return 0;
	while (isspace(*tok)) tok++;
	next=(cat_t *) calloc(sizeof(cat_t), 1);
	if (!next) return 0;
	next->level.name=strdup(name);
	if (!next->level.name) {
		free(next);
		return 0;
	}
	strncpy(name1,tok, BUFSIZ-1);
	strtrim(name,name1,namesize-1);
	next->level.sename=strdup(name);
	if (!next->level.sename) {
		free(next->level.name);
		free(next);
		return 0;
	}
	*cat=next;
	return 1;
}

/* Read in CATEGORYFILE Only runs once per process.  
   Might want to change to some kind of reload eventually, for long running
   processes.
 */
int init_context_translations(void) {
	FILE *cfg;
	cat_t *ptr=NULL;
	cat_t *next=NULL;
	size_t size=0;
	char *buffer=NULL;
	int ctr=0;
	if (catlist) return 0;
	cfg = fopen(CATEGORYFILE,"r");
	if (cfg == NULL) 
		return 1;

	ptr=catlist=calloc(1,sizeof(cat_t));
	while (getline(&buffer, &size, cfg) > 0) {
		if (process_category(buffer, &next)) {
			ctr++;
			ptr->next=next;
			ptr=next;
		}
	}
	if (buffer)
		free(buffer);
	return 0;
}

/* Look for selevel via internal name */
static char *translate(const char *cat) {
	cat_t *ptr=NULL;
	if (catlist) 
		for (ptr=catlist->next;ptr; ptr=ptr->next) 
			if (strcmp(cat,ptr->level.name)==0) {
				if (strlen(ptr->level.sename)==0)
					return NULL;
				else
					return strdup(ptr->level.sename); 
			}
	return strdup(cat);
}

/* Look for selevel via external name */
static char *untranslate(const char *sename) {
	cat_t *ptr=NULL;
	if (catlist) 
		for(ptr=catlist->next;ptr; ptr=ptr->next)
			if (strcmp(sename,ptr->level.sename)==0) {
				char *buf=calloc(strlen(ptr->level.name+4),1);
				if (buf) 
					sprintf(buf, "s0:%s",ptr->level.name); 
				return buf; 
			}
	return strdup(sename);
}

/* Look for selevel via external name */
int translate_context( const security_context_t oldcon, security_context_t *rcon) {
	const char *range=NULL;
	const char *ptr=NULL;
	context_t con=context_new(oldcon);

	if (! con)
		return -1;

	range=context_range_get(con);
	if (range) {
		ptr=strrchr(range,':');
		if (ptr) 
			ptr++;
		else
			ptr=range;
		context_range_set(con,translate(ptr));
	}
	*rcon=strdup(context_str(con));
	context_free(con);
	return 0;
}

/* Look for selevel via external name */
int untranslate_context( const security_context_t oldcon, security_context_t *rcon) {
	const char *range=NULL;
	char *newrange=NULL;
	context_t con=context_new(oldcon);

	if (! con)
		return -1;

	range=context_range_get(con);
	if (range) {
		newrange=untranslate(range);
		if (newrange) {
			context_range_set(con,newrange);
		}
	}
	*rcon=strdup(context_str(con));
	context_free(con);
	return 0;
}



[-- Attachment #3: secat.conf --]
[-- Type: text/plain, Size: 500 bytes --]

#
# Multiple Category System translation table for SELinux
# 
# Sensitivities s0= should not be modified
# Objects can be categorized with 0-127 categories defined by the admin.
# Objects can be in more then one categories at a time.
# Categories are stored in the system as c0-c127.  Users can use this
# table to translate the categories into a more meaningfull output.
# Examples:
# c0=CompanyConfidential
# c1=PatientRecord
# c2=Unclassified
# c3=TopSecret
# c1,c3=CompanyConfidentialRedHat
s0=

Re: libselinux category patch

[Stephen Smalley]

On Mon, 2005-08-22 at 16:21 -0400, Daniel J Walsh wrote:
> libselinux-rhat.patch is mainly tcs's patch with a couple of changes. 

Hide the translation-related symbols entirely, as they are only used
internally, and provide hidden definitions of the raw functions so that
their internal use by libselinux is always satisfied locally.  See 
http://people.redhat.com/drepper/dsohowto.pdf

Index: libselinux/src/booleans.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/booleans.c,v
retrieving revision 1.18
diff -u -p -r1.18 booleans.c
--- libselinux/src/booleans.c	11 Aug 2005 13:58:28 -0000	1.18
+++ libselinux/src/booleans.c	25 Aug 2005 13:51:59 -0000
@@ -165,6 +165,7 @@ int security_get_boolean_active(const ch
 	free(buf);
 	return val;
 }
+hidden_def(security_get_boolean_active)
 
 int security_set_boolean(const char *name, int value)
 {
Index: libselinux/src/checkAccess.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/checkAccess.c,v
retrieving revision 1.4
diff -u -p -r1.4 checkAccess.c
--- libselinux/src/checkAccess.c	23 Aug 2005 16:46:40 -0000	1.4
+++ libselinux/src/checkAccess.c	25 Aug 2005 13:54:57 -0000
@@ -31,6 +31,7 @@ int selinux_check_passwd_access(access_v
         
         return status;
 }
+hidden_def(selinux_check_passwd_access)
 
 int checkPasswdAccess(access_vector_t requested) {
        return selinux_check_passwd_access(requested);
Index: libselinux/src/compute_member.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/compute_member.c,v
retrieving revision 1.3
diff -u -p -r1.3 compute_member.c
--- libselinux/src/compute_member.c	23 Aug 2005 16:59:39 -0000	1.3
+++ libselinux/src/compute_member.c	25 Aug 2005 13:52:26 -0000
@@ -54,6 +54,7 @@ out:
 	close(fd);
 	return ret;
 }
+hidden_def(security_compute_member_raw)
 
 int security_compute_member(security_context_t scon,
                             security_context_t tcon,
Index: libselinux/src/compute_relabel.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/compute_relabel.c,v
retrieving revision 1.12
diff -u -p -r1.12 compute_relabel.c
--- libselinux/src/compute_relabel.c	23 Aug 2005 16:59:39 -0000	1.12
+++ libselinux/src/compute_relabel.c	25 Aug 2005 13:52:50 -0000
@@ -54,6 +54,7 @@ out:
 	close(fd);
 	return ret;
 }
+hidden_def(security_compute_relabel_raw)
 
 int security_compute_relabel(security_context_t scon,
                              security_context_t tcon,
Index: libselinux/src/fgetfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/fgetfilecon.c,v
retrieving revision 1.8
diff -u -p -r1.8 fgetfilecon.c
--- libselinux/src/fgetfilecon.c	23 Aug 2005 16:59:39 -0000	1.8
+++ libselinux/src/fgetfilecon.c	25 Aug 2005 13:53:39 -0000
@@ -43,6 +43,7 @@ out:			
 		*context = buf;
 	return ret;
 }
+hidden_def(fgetfilecon_raw)
 
 int fgetfilecon(int fd, security_context_t *context)
 {
Index: libselinux/src/fsetfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/fsetfilecon.c,v
retrieving revision 1.3
diff -u -p -r1.3 fsetfilecon.c
--- libselinux/src/fsetfilecon.c	23 Aug 2005 16:46:40 -0000	1.3
+++ libselinux/src/fsetfilecon.c	25 Aug 2005 13:54:06 -0000
@@ -11,6 +11,7 @@ int fsetfilecon_raw(int fd, security_con
 {
 	return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+hidden_def(setfilecon_raw)
 
 int fsetfilecon(int fd, security_context_t context)
 {
Index: libselinux/src/getexeccon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getexeccon.c,v
retrieving revision 1.7
diff -u -p -r1.7 getexeccon.c
--- libselinux/src/getexeccon.c	23 Aug 2005 16:59:39 -0000	1.7
+++ libselinux/src/getexeccon.c	25 Aug 2005 13:59:12 -0000
@@ -47,6 +47,7 @@ out:
 	close(fd);
 	return ret;
 }
+hidden_def(getexeccon_raw)
 
 int getexeccon(security_context_t *context)
 {
Index: libselinux/src/getfscreatecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getfscreatecon.c,v
retrieving revision 1.7
diff -u -p -r1.7 getfscreatecon.c
--- libselinux/src/getfscreatecon.c	23 Aug 2005 16:59:39 -0000	1.7
+++ libselinux/src/getfscreatecon.c	25 Aug 2005 13:58:56 -0000
@@ -47,6 +47,7 @@ out:
 	close(fd);
 	return ret;
 }
+hidden_def(getfscreatecon_raw)
 
 int getfscreatecon(security_context_t *context)
 {
Index: libselinux/src/getpeercon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getpeercon.c,v
retrieving revision 1.4
diff -u -p -r1.4 getpeercon.c
--- libselinux/src/getpeercon.c	23 Aug 2005 16:59:39 -0000	1.4
+++ libselinux/src/getpeercon.c	25 Aug 2005 13:53:09 -0000
@@ -42,6 +42,7 @@ out:			
 		*context = buf;
 	return ret;
 }
+hidden_def(getpeercon_raw)
 
 int getpeercon(int fd, security_context_t *context)
 {
Index: libselinux/src/getpidcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/getpidcon.c,v
retrieving revision 1.6
diff -u -p -r1.6 getpidcon.c
--- libselinux/src/getpidcon.c	23 Aug 2005 16:59:39 -0000	1.6
+++ libselinux/src/getpidcon.c	25 Aug 2005 13:59:03 -0000
@@ -46,6 +46,7 @@ out:
 	close(fd);
 	return ret;
 }
+hidden_def(getpidcon_raw)
 
 int getpidcon(pid_t pid, security_context_t *context)
 {
Index: libselinux/src/init.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/init.c,v
retrieving revision 1.11
diff -u -p -r1.11 init.c
--- libselinux/src/init.c	24 Aug 2005 19:57:00 -0000	1.11
+++ libselinux/src/init.c	25 Aug 2005 13:43:41 -0000
@@ -9,6 +9,7 @@
 #include <stdio.h>
 #include <dlfcn.h>
 
+#include "dso.h"
 #include "policy.h"
 
 char *selinux_mnt = NULL;
@@ -73,11 +74,12 @@ void set_selinuxmnt(char *mnt)
 	selinux_mnt = strdup(mnt);
 }
  
-int context_translations = 0;
-void *translation_lib_handle = NULL;
+int context_translations hidden;
+void *translation_lib_handle hidden;
+
 /* from libsetrans.c */
-extern int (*lib_trans_to_raw_context)(char *trans, char **rawp);
-extern int (*lib_raw_to_trans_context)(char *raw, char **transp);
+extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp);
+extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp);
 
 
 static void init_translations(void)
Index: libselinux/src/lgetfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/lgetfilecon.c,v
retrieving revision 1.8
diff -u -p -r1.8 lgetfilecon.c
--- libselinux/src/lgetfilecon.c	23 Aug 2005 16:59:39 -0000	1.8
+++ libselinux/src/lgetfilecon.c	25 Aug 2005 13:53:28 -0000
@@ -43,6 +43,7 @@ out:			
 		*context = buf;
 	return ret;
 }
+hidden_def(lgetfilecon_raw)
 
 int lgetfilecon(const char *path, security_context_t *context)
 {
Index: libselinux/src/lsetfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/lsetfilecon.c,v
retrieving revision 1.3
diff -u -p -r1.3 lsetfilecon.c
--- libselinux/src/lsetfilecon.c	23 Aug 2005 16:46:41 -0000	1.3
+++ libselinux/src/lsetfilecon.c	25 Aug 2005 13:54:01 -0000
@@ -11,6 +11,7 @@ int lsetfilecon_raw(const char *path, se
 {
 	return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+hidden_def(lsetfilecon_raw)
 
 int lsetfilecon(const char *path, security_context_t context)
 {
Index: libselinux/src/selinux_internal.h
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/selinux_internal.h,v
retrieving revision 1.8
diff -u -p -r1.8 selinux_internal.h
--- libselinux/src/selinux_internal.h	24 Aug 2005 19:57:00 -0000	1.8
+++ libselinux/src/selinux_internal.h	25 Aug 2005 13:58:37 -0000
@@ -1,6 +1,7 @@
 #include <selinux/selinux.h>
 #include "dso.h"
 
+hidden_proto(security_get_boolean_active)
 hidden_proto(security_set_boolean)
 hidden_proto(security_commit_booleans)
 hidden_proto(security_check_context)
@@ -11,6 +12,8 @@ hidden_proto(security_compute_user)
 hidden_proto(security_compute_user_raw)
 hidden_proto(security_compute_create)
 hidden_proto(security_compute_create_raw)
+hidden_proto(security_compute_member_raw)
+hidden_proto(security_compute_relabel_raw)
 hidden_proto(is_selinux_enabled)
 hidden_proto(is_selinux_mls_enabled)
 hidden_proto(freecon)
@@ -19,10 +22,21 @@ hidden_proto(getprevcon)
 hidden_proto(getprevcon_raw)
 hidden_proto(getcon)
 hidden_proto(getcon_raw)
+hidden_proto(setcon_raw)
+hidden_proto(getpeercon_raw)
+hidden_proto(getpidcon_raw)
+hidden_proto(getexeccon_raw)
 hidden_proto(getfilecon)
 hidden_proto(getfilecon_raw)
+hidden_proto(lgetfilecon_raw)
+hidden_proto(fgetfilecon_raw)
+hidden_proto(setfilecon_raw)
+hidden_proto(lsetfilecon_raw)
+hidden_proto(fsetfilecon_raw)
 hidden_proto(setexeccon)
 hidden_proto(setexeccon_raw)
+hidden_proto(getfscreatecon_raw)
+hidden_proto(setfscreatecon_raw)
 hidden_proto(security_getenforce)
 hidden_proto(selinux_default_context_path)
 hidden_proto(selinux_failsafe_context_path)
@@ -32,9 +46,10 @@ hidden_proto(selinux_user_contexts_path)
 hidden_proto(selinux_booleans_path)
 hidden_proto(selinux_customizable_types_path)
 hidden_proto(selinux_media_context_path)
+hidden_proto(selinux_check_passwd_access)
 hidden_proto(matchpathcon_init)
 hidden_proto(selinux_users_path)
 
-extern int context_translations;
-extern int trans_to_raw_context(char *trans, char **rawp);
-extern int raw_to_trans_context(char *raw, char **transp);
+extern int context_translations hidden;
+extern int hidden trans_to_raw_context(char *trans, char **rawp);
+extern int hidden raw_to_trans_context(char *raw, char **transp);
Index: libselinux/src/setcon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/setcon.c,v
retrieving revision 1.2
diff -u -p -r1.2 setcon.c
--- libselinux/src/setcon.c	23 Aug 2005 16:46:41 -0000	1.2
+++ libselinux/src/setcon.c	25 Aug 2005 13:58:48 -0000
@@ -25,6 +25,7 @@ int setcon_raw(security_context_t contex
 	else
 		return 0;
 }
+hidden_def(setcon_raw)
 
 int setcon(char *context)
 {
Index: libselinux/src/setfilecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/setfilecon.c,v
retrieving revision 1.3
diff -u -p -r1.3 setfilecon.c
--- libselinux/src/setfilecon.c	23 Aug 2005 16:46:41 -0000	1.3
+++ libselinux/src/setfilecon.c	25 Aug 2005 13:53:53 -0000
@@ -11,6 +11,7 @@ int setfilecon_raw(const char *path, sec
 {
 	return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context)+1, 0);
 }
+hidden_def(setfilecon_raw)
 
 int setfilecon(const char *path, security_context_t context)
 {
Index: libselinux/src/setfscreatecon.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/setfscreatecon.c,v
retrieving revision 1.5
diff -u -p -r1.5 setfscreatecon.c
--- libselinux/src/setfscreatecon.c	23 Aug 2005 16:46:41 -0000	1.5
+++ libselinux/src/setfscreatecon.c	25 Aug 2005 13:54:37 -0000
@@ -21,6 +21,7 @@ int setfscreatecon_raw(char *context)
 	else
 		return 0;
 }
+hidden_def(setfscreatecon_raw)
 
 int setfscreatecon(char *context)
 {
Index: libselinux/src/trans.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libselinux/src/trans.c,v
retrieving revision 1.3
diff -u -p -r1.3 trans.c
--- libselinux/src/trans.c	24 Aug 2005 20:03:32 -0000	1.3
+++ libselinux/src/trans.c	25 Aug 2005 13:43:24 -0000
@@ -1,10 +1,10 @@
 #include "selinux_internal.h"
 #include <string.h>
 
-int (*lib_trans_to_raw_context)(char *trans, char **rawp) = NULL;
-int (*lib_raw_to_trans_context)(char *raw, char **transp) = NULL;
+int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden;
+int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden;
 
-int trans_to_raw_context(char *trans, char **rawp)
+int hidden trans_to_raw_context(char *trans, char **rawp)
 {
 	*rawp = NULL;
 	if (!trans)
@@ -16,7 +16,7 @@ int trans_to_raw_context(char *trans, ch
 	return *rawp ? 0 : -1;
 }
 
-int raw_to_trans_context(char *raw, char **transp)
+int hidden raw_to_trans_context(char *raw, char **transp) 
 {
 	*transp = NULL;
 	if (!raw)


-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: libselinux category patch

[Chad Hanson]

We definitely need to allow whitespace in the translated context.

-Chad 

Stephen Smalley wrote:
> On Tue, 2005-08-23 at 11:02 -0400, Daniel J Walsh wrote:
>>>Do we truly need to allow whitespace in the (translated) MLS field?
>>>That change to context_new originated in the TCS patch, but I'd prefer
>>>to avoid it if possible.
>>> 
>>
>>I have no problem with not allowing spaces in translated name.  We could 
>>come up with a third field, in the translation, Printable Name or some
>>such, but that could come later...
> 
> I'm just concerned about parsing code having to distinguish normal
> whitespace field separators (e.g. in ps or ls output) from internal
> separators within a label.  If we allow whitespace within the context,
> we essentially have to start printing them all as quoted strings inall
> the utilities, as well as passing them that way as arguments.

Our MITRE based translator really like the whitespace...  I agree thatthe
whitespace is a pain, but we have been using this for quite a while andhave
not run into problems with any utilities that I am aware of.  My biggest
gripe is having to quote arguments to commands when a context has
whitespace...
How about we allow for it, and let those who choose to use whitespace
(unfortunately our translation scheme) deal with the repercussions :)

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: libselinux category patch

[Stephen Smalley]

On Wed, 2005-08-24 at 16:18 -0400, Chad Hanson wrote:
> We definitely need to allow whitespace in the translated context.

Hmm...translated context is beginning to sound like it has a different
format than the raw context, which means that it needs to be handled via
different manipulation functions than the raw context.  Differences that
seem to be getting proposed include:
- Dan wants to strip the sensitivity entirely from the translated
context in the MCS libsetrans because MCS only uses categories,
- Dan would ideally like to strip object_r from the translated context
since it takes up display space and seemingly provides no useful
information,
- You would like the MLS field to include whitespace in the translated
context.

Do we need a separate set of context* functions for raw vs. translated?
Do we need a separate data type?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

RE: libselinux category patch

[Chad Hanson]

 
Upon further discussion, we could probably live without whitespace in the
MLS field. We can perform yet another stripping of the contexts in our own
applications that would desire to show whitespace instead of a
non-whitespace character such as '_'.

-Chad 

>On Wed, 2005-08-24 at 16:18 -0400, Chad Hanson wrote:
>> We definitely need to allow whitespace in the translated context.

>Hmm...translated context is beginning to sound like it has a different
>format than the raw context, which means that it needs to be handled via
>different manipulation functions than the raw context.  Differences that
>seem to be getting proposed include:
>- Dan wants to strip the sensitivity entirely from the translated
>context in the MCS libsetrans because MCS only uses categories,
>- Dan would ideally like to strip object_r from the translated context
>since it takes up display space and seemingly provides no useful
>information,
>- You would like the MLS field to include whitespace in the translated
>context.
>
>Do we need a separate set of context* functions for raw vs. translated?
>Do we need a separate data type?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.