From: Ivan Gyurdiev <ivg2@cornell.edu>
To: SELinux List <SELinux@tycho.nsa.gov>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	Joshua Brindle <jbrindle@tresys.com>
Subject: [SEMANAGE] Validation of local file contexts
Date: Thu, 05 Jan 2006 17:11:45 -0500	[thread overview]
Message-ID: <43BD99A1.3070700@cornell.edu> (raw)

[-- Attachment #1: Type: text/plain, Size: 840 bytes --]

This patch adds context validation of local changes to file contexts.

Should I also check if the regexp is valid?
Should I check if the Unix user exists for seusers?

=======

This also adds another warning for semanage <---> sepol incompatible 
data structures, but this is a known issue.
I could hide the warnings, but I'd rather not - we may still want to 
address the problem. I tried to write conversion wrappers once before, 
and got rather far - maybe I'll finish this work, if you think it's 
desirable not to rely on compatible records.

=========

Another thing I'd like to note: these validation runs prevent installing 
seusers or file_contexts entries that are bad, but they also work in the 
opposite direction and prevent policy upgrades that would break local 
customizations - not sure if this is the desired approach. 

[-- Attachment #2: libsemanage.fcontext_local_validation.diff --]
[-- Type: text/x-patch, Size: 5063 bytes --]

diff -Naurp --exclude-from excludes old/libsemanage/src/direct_api.c new/libsemanage/src/direct_api.c
--- old/libsemanage/src/direct_api.c	2006-01-05 08:26:19.000000000 -0500
+++ new/libsemanage/src/direct_api.c	2006-01-05 16:56:33.000000000 -0500
@@ -351,12 +351,13 @@ static int semanage_direct_commit(semana
 	dbase_config_t* ifaces = semanage_iface_dbase_local(sh);
 	dbase_config_t* fcontexts = semanage_fcontext_dbase_local(sh);
 	dbase_config_t* seusers = semanage_seuser_dbase(sh);
+	int fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase);
+	int seusers_modified = seusers->dtable->is_modified(seusers->dbase);
 	modified |= users->dtable->is_modified(users->dbase);
 	modified |= ports->dtable->is_modified(ports->dbase);
 	modified |= bools->dtable->is_modified(bools->dbase);
-	modified |= fcontexts->dtable->is_modified(fcontexts->dbase);
+	modified |= fcontexts_modified;
 	modified |= ifaces->dtable->is_modified(ifaces->dbase);
-	int seusers_modified = seusers->dtable->is_modified(seusers->dbase);
 
 	/* FIXME: get rid of this, once we support loading the existing policy,
 	 * instead of rebuilding it for seusers */
@@ -408,6 +409,15 @@ static int semanage_direct_commit(semana
 	/* FIXME: else if !modified, but seusers_modified, 
 	 * load the existing policy instead of rebuilding */
 
+	/* Validate local modifications to file contexts.
+	 * Note: those are still cached, even though they've been 
+	 * merged into the main file_contexts. We won't check the 
+	 * large file_contexts - checked at compile time */
+	if (sh->do_rebuild || modified || fcontexts_modified) {
+		if (semanage_fcontext_validate_local(sh, out) < 0)
+			goto cleanup;
+	}
+
 	/* Validate seusers against policy
 	 * if either policy changed, or seusers changed,
 	 * or we forced a rebuild */
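Review bot: The `|| fcontexts_modified` term in the new guard is redundant: the first hunk of this file already folds the flag into the aggregate with `modified |= fcontexts_modified;`, so the condition reduces to `sh->do_rebuild || modified`. That differs from the seusers block that follows, where `seusers_modified` is deliberately kept out of `modified` so that a seusers-only change does not force a policy rebuild; if the fcontext check is meant to mirror that, the flag should stay out of `modified` as well, otherwise drop the term or add a comment saying why it is spelled out. The validation failure path does `goto cleanup` without a visible retval assignment; that assignment and the rest of semanage_direct_commit are outside the hunk, so confirm the -1 from `semanage_fcontext_validate_local` actually reaches the caller rather than a stale success value.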
diff -Naurp --exclude-from excludes old/libsemanage/src/fcontext_internal.h new/libsemanage/src/fcontext_internal.h
--- old/libsemanage/src/fcontext_internal.h	2006-01-04 12:18:17.000000000 -0500
+++ new/libsemanage/src/fcontext_internal.h	2006-01-05 16:55:49.000000000 -0500
@@ -4,6 +4,7 @@
 #include <semanage/fcontext_record.h>
 #include <semanage/fcontexts_local.h>
 #include <semanage/fcontexts_policy.h>
+#include <sepol/policydb.h>
 #include "database.h"
 #include "handle.h"
 #include "dso.h"
@@ -21,4 +22,8 @@ extern int fcontext_file_dbase_init(
 extern void fcontext_file_dbase_release(
 	dbase_config_t* dconfig);
 
+extern int hidden semanage_fcontext_validate_local(
+	semanage_handle_t* handle,
+	const sepol_policydb_t* policydb);
+
 #endif
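Review bot: The new `semanage_fcontext_validate_local` prototype has no contract comment, so callers cannot tell from the header what a non-zero return means or that it logs. Suggest, above the `extern int hidden` line: `/* Validate the security context of every local file-context record against policydb. Returns 0 when all pass; otherwise the offending record is reported via ERR and a negative value is returned. */`. The "negative value" wording assumes `semanage_fcontext_iterate_local` propagates the handler's -1 unchanged; that iterator is not in this patch, so confirm before committing the comment.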
diff -Naurp --exclude-from excludes old/libsemanage/src/fcontexts_local.c new/libsemanage/src/fcontexts_local.c
--- old/libsemanage/src/fcontexts_local.c	2006-01-05 14:41:09.000000000 -0500
+++ new/libsemanage/src/fcontexts_local.c	2006-01-05 16:58:56.000000000 -0500
@@ -6,8 +6,12 @@ typedef struct semanage_fcontext_key rec
 typedef struct semanage_fcontext record_t;
 #define DBASE_RECORD_DEFINED
 
+#include <stdlib.h>
 #include <stddef.h>
+#include <sepol/policydb.h>
+#include <sepol/context.h>
 #include "fcontext_internal.h"
+#include "debug.h"
 #include "handle.h" 
 #include "database.h"
 
@@ -91,3 +95,54 @@ int semanage_fcontext_list_local(
 	dbase_config_t* dconfig = semanage_fcontext_dbase_local(handle);
 	return dbase_list(handle, dconfig, records, count);
 }
+
+struct validate_handler_arg {
+	semanage_handle_t* handle;
+	const sepol_policydb_t* policydb;
+};
+
+static int validate_handler(
+	const semanage_fcontext_t* fcon,
+	void* varg) {
+
+	char* str;
+
+	/* Unpack varg */
+	struct validate_handler_arg* arg =
+		(struct validate_handler_arg*) varg;
+	semanage_handle_t* handle = arg->handle;
+	const sepol_policydb_t* policydb = arg->policydb;
+
+	/* Unpack fcontext */
+	const char* expr = semanage_fcontext_get_expr(fcon);
+	const char* type_str = semanage_fcontext_get_type_str(fcon);
+	semanage_context_t* con = semanage_fcontext_get_con(fcon);
+
+	/* FIXME: verify expr? */
+	
+	if (sepol_context_check(handle->sepolh, policydb, con) < 0)
+		goto invalid;
+
+	return 0;
+
+	invalid:
+	if (semanage_context_to_string(handle, con, &str) >= 0) {
+		ERR(handle, "invalid context %s specified for %s [%s]", 
+			str, expr, type_str);
+		free(str);
+	} else
+		ERR(handle, "invalid context specified for %s [%s]", 
+			expr, type_str);
+	return -1;
+}
+
+int hidden semanage_fcontext_validate_local(
+	semanage_handle_t* handle,
+	const sepol_policydb_t* policydb) {
+
+	struct validate_handler_arg arg;
+	arg.handle = handle;
+	arg.policydb = policydb;
+	return semanage_fcontext_iterate_local(handle, validate_handler, &arg);
+}
+
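Review bot: In validate_handler the `goto invalid;` jumps to a label placed directly below the function's only `return 0;`, which is a roundabout guard clause; writing `if (sepol_context_check(handle->sepolh, policydb, con) >= 0) return 0;` and letting the error report follow removes the label and the forward goto, and the two-line `else` branch should get braces to match the braced `if` branch. `con` is taken straight from `semanage_fcontext_get_con(fcon)` and passed to `sepol_context_check` with no NULL check; if a local record can exist without a context (not determinable from this hunk), that would fault inside libsepol instead of being reported as an invalid entry, so either assert the invariant or route a NULL `con` to the `invalid` report. The handler also wants a one-line comment, e.g. `/* Per-record callback for semanage_fcontext_iterate_local: 0 if the record's context is valid in policydb, else logs via ERR and returns -1. */`. The `validate_handler_arg` struct and the handler shape duplicate what seusers.c already has (visible in the last hunk of this patch); both are file-scoped so they do not collide, but a shared validation helper would avoid maintaining two copies.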
diff -Naurp --exclude-from excludes old/libsemanage/src/seusers.c new/libsemanage/src/seusers.c
--- old/libsemanage/src/seusers.c	2006-01-05 14:41:09.000000000 -0500
+++ new/libsemanage/src/seusers.c	2006-01-05 16:38:25.000000000 -0500
@@ -97,7 +97,6 @@ int semanage_seuser_list(
 	return dbase_list(handle, dconfig, records, count);
 }
 
-
 struct validate_handler_arg {
 	semanage_handle_t* handle;
 	const sepol_policydb_t* policydb;
