From: Ivan Gyurdiev <ivg2@cornell.edu>
To: selinux@tycho.nsa.gov, Stephen Smalley <sds@tycho.nsa.gov>
Subject: [ SEPOL ] Check if policy file is MLS enabled
Date: Wed, 23 Nov 2005 06:30:05 -0500 [thread overview]
Message-ID: <438452BD.30101@cornell.edu> (raw)
[-- Attachment #1: Type: text/plain, Size: 1 bytes --]
[-- Attachment #2: libsepol.mls_enabled.diff --]
[-- Type: text/x-patch, Size: 3558 bytes --]
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/include/sepol/policydb.h new/libsepol/include/sepol/policydb.h
--- old/libsepol/include/sepol/policydb.h 2005-10-18 10:08:39.000000000 -0400
+++ new/libsepol/include/sepol/policydb.h 2005-11-23 05:54:09.000000000 -0500
@@ -53,6 +53,14 @@ extern void sepol_policy_file_set_fp(sep
extern void sepol_policy_file_set_handle(sepol_policy_file_t *pf,
sepol_handle_t *handle);
+/*
+ * Check if the policy file enables MLS
+ */
+
+extern int sepol_policy_file_mls_enabled(
+ sepol_policy_file_t* spf,
+ int* mls_enabled);
+
/* Policydb public interfaces. */
/* Create and free memory associated with a policydb. */
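Review bot: The new comment above `sepol_policy_file_mls_enabled` says what is checked but not how the result is reported or what the call does to the file: the implementation in policydb_public.c returns STATUS_SUCCESS or STATUS_ERR and reads the policy header through the file handle, so the stream is left positioned past the header (and presumably has to be rewound or reopened before sepol_policydb_read — confirm against next_entry). Suggested text: `/* Check whether the policy file enables MLS. Stores 1 or 0 in *mls_enabled and returns STATUS_SUCCESS, or STATUS_ERR on a bad magic number or truncated header. Consumes the policy header; rewind or reopen the file before reading the policy. */`. The blank line between the comment and the extern detaches them, and `sepol_policy_file_t* spf` departs from the `sepol_policy_file_t *pf` form used on the adjacent declaration.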
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/src/policydb_public.c new/libsepol/src/policydb_public.c
--- old/libsepol/src/policydb_public.c 2005-11-01 17:32:59.000000000 -0500
+++ new/libsepol/src/policydb_public.c 2005-11-23 05:57:42.000000000 -0500
@@ -1,6 +1,8 @@
#include <stdlib.h>
+#include "handle.h"
#include "debug.h"
+#include "private.h"
#include <sepol/policydb/policydb.h>
#include "policydb_internal.h"
@@ -60,6 +62,64 @@ void sepol_policy_file_free(sepol_policy
free(pf);
}
+int sepol_policy_file_mls_enabled(
+ sepol_policy_file_t* spf,
+ int* mls_enabled) {
+
+ sepol_handle_t* handle = spf->pf.handle;
+ struct policy_file* pf = &spf->pf;
+ unsigned int policy_type;
+ uint32_t *buf;
+
+ /**
+ * 4 bytes magic
+ * 4 bytes ID length x
+ * x bytes ID string
+ * (modules only): 4 bytes module type
+ * 4 bytes policy version
+ * 4 bytes mls status */
+
+ /* Magic, ID length */
+ if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
+ goto err;
+
+ /* Check policy type */
+ buf[0] = le32_to_cpu(buf[0]);
+ if (buf[0] == POLICYDB_MAGIC)
+ policy_type = POLICY_KERN;
+ else if (buf[0] == POLICYDB_MOD_MAGIC)
+ policy_type = POLICY_MOD;
+ else {
+ ERR(handle, "policydb magic number %#08x does not "
+ "match expected magic number %#08x or %#08x",
+ buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
+ return STATUS_ERR;
+ }
+
+ /* Skip ID string */
+ buf[1] = le32_to_cpu(buf[1]);
+ if (!next_entry(pf, buf[1]))
+ goto err;
+
+ /* Skip module type */
+ if (policy_type == POLICY_MOD &&
+ !next_entry(pf, sizeof(uint32_t)))
+ goto err;
+
+ /* Skip policy version */
+ if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
+ goto err;
+
+ /* Is MLS enabled? */
+ buf[1] = le32_to_cpu(buf[1]);
+ *mls_enabled = (buf[1] & POLICYDB_CONFIG_MLS)? 1:0;
+ return STATUS_SUCCESS;
+
+ err:
+ ERR(handle, "truncated policy file - could not check MLS status");
+ return STATUS_ERR;
+}
+
/* Policydb interfaces. */
int sepol_policydb_create(sepol_policydb_t **sp)
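Review bot: The ID-string length converted at `buf[1] = le32_to_cpu(buf[1]);` comes straight from the file and is passed to `next_entry(pf, buf[1])` with no plausibility check, so a corrupt or crafted policy file chooses the size of the next read; whether that is bounded depends on next_entry's internals, which are not visible here. policydb_read validates this field against the expected identifier string, and the same check fits here: `if (buf[1] != strlen(policy_type == POLICY_KERN ? POLICYDB_STRING : POLICYDB_MOD_STRING)) goto err;` (strlen needs string.h; a fixed upper bound would also do). The comment `/* Skip policy version */` sits on a read of two words, the version and the config word whose MLS bit is tested below, so `/* Policy version, then config word (MLS flag) */` describes it better. The `le32_to_cpu` results are also written back into the buffer next_entry returned, which for a memory-backed policy file presumably aliases the caller's image — worth confirming that a later sepol_policydb_read of the same buffer is not double-converted on big-endian hosts.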
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/src/user_record.c new/libsepol/src/user_record.c
--- old/libsepol/src/user_record.c 2005-11-19 00:51:25.000000000 -0500
+++ new/libsepol/src/user_record.c 2005-11-23 05:58:22.000000000 -0500
@@ -271,7 +271,7 @@ int sepol_user_get_roles(
hidden_def(sepol_user_get_roles)
void sepol_user_del_role(
- sepol_handle_t* handle,
+ sepol_handle_t* handle,
sepol_user_t* user,
const char* role) {