From: Venkat Yekkirala <vyekkirala@TrustedCS.com>
To: tjaeger@cse.psu.edu
Cc: sds@tycho.nsa.gov, selinux@tycho.nsa.gov, latten@austin.ibm.com,
hallyn@elg11.watson.ibm.com
Subject: Question on checks against unlabeled
Date: Mon, 30 Oct 2006 14:40:48 -0600 [thread overview]
Message-ID: <45466350.5020203@trustedcs.com> (raw)
Hi Trent et al,
I have a question on the following checks in security/selinux/xfrm.c:
Specifically, there's a check against unlabeled_t even when there's
no association involved. Is this really intended in the sense of meeting
a goal such as a process should always use labeled ipsec or was the intention
to actually use unlabeled_t only when there's an SA being used, but it's
not labeled.
Thanks,
venkat
int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
struct avc_audit_data *ad)
{
int i, rc = 0;
struct sec_path *sp;
u32 sel_sid = SECINITSID_UNLABELED;
sp = skb->sp;
if (sp) {
for (i = 0; i < sp->len; i++) {
struct xfrm_state *x = sp->xvec[i];
if (x && selinux_authorizable_xfrm(x)) {
struct xfrm_sec_ctx *ctx = x->security;
sel_sid = ctx->ctx_sid;
break;
}
}
}
rc = avc_has_perm(isec_sid, sel_sid, SECCLASS_ASSOCIATION,
/*
* POSTROUTE_LAST hook's XFRM processing:
* If we have no security association, then we need to determine
* whether the socket is allowed to send to an unlabelled destination.
* If we do have a authorizable security association, then it has already been
* checked in xfrm_policy_lookup hook.
*/
int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
struct avc_audit_data *ad)
{
struct dst_entry *dst;
int rc = 0;
dst = skb->dst;
if (dst) {
struct dst_entry *dst_test;
for (dst_test = dst; dst_test != 0;
dst_test = dst_test->child) {
struct xfrm_state *x = dst_test->xfrm;
if (x && selinux_authorizable_xfrm(x))
goto out;
}
}
rc = avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION,
ASSOCIATION__SENDTO, ad);
out:
return rc;
}
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next reply other threads:[~2006-10-30 20:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-10-30 20:40 Venkat Yekkirala [this message]
2006-10-30 20:58 ` Question on checks against unlabeled Trent Jaeger
2006-10-31 15:14 ` Venkat Yekkirala
2006-11-01 14:48 ` Christopher J. PeBenito
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=45466350.5020203@trustedcs.com \
--to=vyekkirala@trustedcs.com \
--cc=hallyn@elg11.watson.ibm.com \
--cc=latten@austin.ibm.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=tjaeger@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.