From: Linda Knippers <linda.knippers@hp.com>
To: SELinux Mail List <selinux@tycho.nsa.gov>
Subject: [PATCH] enable/disable context translation in libselinux
Date: Wed, 04 Oct 2006 12:52:37 -0400
Message-ID: <4523E6D5.1040805@hp.com>


There was a discussion on the redhat-lspp mailing list about a problem
with mcstransd and whether it needs to check whether the user is allowed
to see a translated context.  See
https://www.redhat.com/archives/redhat-lspp/2006-September/msg00086.html

While prototyping adding an avc_has_perm() to the mcstransd, we discovered
that avc_has_perm() can go down a path where it needs to translate the
context in order to make the check, which is not what we want to do from
mcstransd.  Stephen suggested adding a call in libselinux to allow a process
to enable/disable translations for subsequent calls into libselinux so
the following patch does that.  Comments?

I'm also including a patch to mcstransd as a sample user of the library
routine but this patch is not ready for prime time since as Stephen pointed
out, we probably need a new class and permission so that the translation
policy can be different from the file access policy, Dan would like to see
the access check be configurable via setrans.conf and mcstransd still
doesn't use getpeercon().  I believe Darrel is going to take a shot
at at least the policy part.

-- ljk

 include/selinux/selinux.h |    4 ++++
 src/setrans_client.c      |   15 +++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

--- libselinux-1.30.28/src/setrans_client.c     2006-09-13 13:37:04.000000000 -0400
+++ libselinux-1.30.28.ljk/src/setrans_client.c 2006-10-04 11:35:48.000000000 -0400
@@ -17,6 +17,7 @@
 #include "setrans_internal.h"

 static int mls_enabled = -1;
+static int trans_enabled = 1;

 // Simple cache
 static __thread security_context_t prev_t2r_trans = NULL;
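Review bot: trans_enabled is a plain process-wide static while the caches declared right below it are __thread; that matches the header comment ("for the calling process"), but a one-line comment here saying the flag is deliberately not thread-local would save the next reader the question. Consider also a getter (a hypothetical selinux_get_translation()) so a caller inside a library can save and restore the previous state rather than assuming it was 1.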
@@ -245,7 +246,7 @@ int selinux_trans_to_raw_context(securit
                return 0;
        }

-       if (!mls_enabled) {
+       if (!mls_enabled || !trans_enabled) {
                *rawp = strdup(trans);
                goto out;
        }
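Review bot: the new short-circuit sits after the early `return 0;` just above it; if that return is the prev_t2r cache hit, a process that has already translated a context and then calls selinux_set_translation(0) keeps getting the cached, translated result for the same input string. Either test trans_enabled before the cache lookup or flush the cache whenever the flag changes.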
@@ -287,7 +288,7 @@ int selinux_raw_to_trans_context(securit
                return 0;
        }

-       if (!mls_enabled) {
+       if (!mls_enabled || !trans_enabled) {
                *transp = strdup(raw);
                goto out;
        }
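Review bot: same ordering question as in selinux_trans_to_raw_context: with trans_enabled at 0 the raw string is now copied verbatim, but only after the check that precedes it, so if that is the cache hit an earlier cached result for the same raw context is still returned. The identical `!mls_enabled || !trans_enabled` test now appears in both functions; a small static helper such as `static int translation_active(void)` would keep them from drifting apart.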
@@ -320,3 +321,13 @@ int selinux_raw_to_trans_context(securit
 }

 hidden_def(selinux_raw_to_trans_context)
+
+/*
+ * Enable/disable context translation.
+ * 0 means disable.
+ */
+void selinux_set_translation (int value)
+{
+       trans_enabled = value;
+       return;
+}
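Review bot: match the surrounding style: no space before the parameter list (`void selinux_set_translation(int value)`) and no bare `return;` at the end of a void function. Since the comment says "0 means disable", storing `trans_enabled = !!value;` keeps the flag a clean 0/1 regardless of what callers pass. If the per-thread caches are meant to be bypassed while translation is off, this setter is also the natural place to invalidate them.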
--- libselinux-1.30.28/include/selinux/selinux.h        2006-09-13
13:37:05.000000000 -0400
+++ libselinux-1.30.28.ljk/include/selinux/selinux.h    2006-10-04
11:37:44.000000000 -0400
@@ -444,6 +444,10 @@ extern "C" {
        extern int selinux_raw_to_trans_context(security_context_t raw,
                                                security_context_t * transp);

+/* Enable/disable the translation of contexts for the calling process.
+   0 means disabled */
+       extern void selinux_set_translation(int value);
+
 /* Get the SELinux username and level to use for a given Linux username.
    These values may then be passed into the get_ordered_context_list*
    and get_default_context* functions to obtain a context for the user.
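Review bot: the header comment should say that the flag affects every libselinux call that translates internally, not just the two selinux_*_context() functions declared above it; the motivating case in the cover letter is avc_has_perm() reaching a translation path. It should also state the default (enabled) and whether the setting is process-wide or per-thread, since the client's translation caches are per-thread.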


--- mcstrans-0.1.8/src/mcstransd.c      2006-06-19 14:38:08.000000000 -0400
+++ mcstrans-0.1.8.ljk/src/mcstransd.c  2006-10-04 11:40:00.000000000 -0400
@@ -17,6 +17,9 @@
 #include <sys/types.h>
 #include <sys/capability.h>
 #include <sys/resource.h>
+#include <selinux/avc.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>

 #ifdef UNUSED
 #elif defined(__GNUC__)
@@ -71,22 +74,43 @@ static  __attribute__((noreturn)) void c
 }

 /*
+ * Check to see if the subject requesting the translation
+ * is cleared to see the translation.
+ * Returns: 0 on success (allowed), 1 on failure (denied).
+ */
+static int
+cleared_to_translate(char *in, char *pcon)
+{
+
+       security_id_t           ssid,tsid; /* SELinux SIDS                  */
+       int     retval;
+
+       avc_init(SETRANSD_PROGNAME, NULL, NULL, NULL, NULL);
+       if (avc_context_to_sid(pcon, &ssid) != 0)
+               return 1;
+       if (avc_context_to_sid(in, &tsid) != 0)
+               return 1;
+       retval = avc_has_perm(ssid, tsid, SECCLASS_FILE, FILE__GETATTR,
+                       NULL, NULL);
+       if (retval == 0)
+               return 0;
+       return 1;
+}
+
+/*
  * Convert raw label portion of a security context to translated label
  * Returns:  0 on success, 1 on failure
  */
 static int
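Review bot: avc_init() is called on every invocation of cleared_to_translate(); it belongs in daemon initialisation (with avc_destroy() at shutdown), otherwise each request re-initialises the AVC. The SIDs obtained from avc_context_to_sid() are never released with sidput(), so ssid and tsid leak a reference per call. A failure of avc_context_to_sid() returns 1, the same value as a policy denial, so callers cannot distinguish a malformed context from an access decision; a distinct error return or at least a log message would help. `in` and `pcon` are not modified and can be `const char *`, and the `retval == 0 ? 0 : 1` ladder collapses to `return avc_has_perm(...) != 0;`.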


