From: Eamon Walsh <ewalsh@tycho.nsa.gov>
To: Xavier Toth <txtoth@gmail.com>
Cc: Joe Nall <joe@nall.com>, SELinux List <selinux@tycho.nsa.gov>,
James Carter <jwcart2@tycho.nsa.gov>,
Stephen Smalley <sds@tycho.nsa.gov>
Subject: Re: [RFC] Add color translation support to mcstransd
Date: Thu, 11 Dec 2008 16:35:59 -0500 [thread overview]
Message-ID: <494187BF.2090301@tycho.nsa.gov> (raw)
In-Reply-To: <cadfc0e40812051416v15070ddag132ff548d535052c@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 269 bytes --]
Xavier Toth wrote:
>
> Sorry to be pedantic but is there a reference implementation or will
> the mcstrans developer (Joe) have to develop it?
>
> Ted
>
Also here is a preliminary libselinux patch.
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
[-- Attachment #2: setrans_color.patch --]
[-- Type: text/x-patch, Size: 4161 bytes --]
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 3bfc0c8..aa0e328 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -504,6 +504,15 @@ extern int selinux_trans_to_raw_context(security_context_t trans,
extern int selinux_raw_to_trans_context(security_context_t raw,
security_context_t * transp);
+/* Perform context translation between security contexts
+ and display colors. Returns a space-separated list of ten
+ ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
+ Caller must free the resulting string via free.
+ Returns -1 upon an error or 0 otherwise.
+ If passed NULL, sets the returned string to NULL and returns 0. */
+extern int selinux_raw_context_to_color(security_context_t raw,
+ char **color_str);
+
/* Get the SELinux username and level to use for a given Linux username.
These values may then be passed into the get_ordered_context_list*
and get_default_context* functions to obtain a context for the user.
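Review bot: The comment added above selinux_raw_context_to_color repeats a word ("ten" ends one line and starts the next), and its last sentence, "If passed NULL", does not say which argument it means. The implementation in the setrans_client.c part of this patch checks only `raw` for NULL and writes through the output pointer unconditionally. The sentence should therefore read along the lines of `If raw is NULL, sets *color_str to NULL and returns 0; color_str itself must not be NULL.` The parameter is named `color_str` here but `transp` in the definition, so the two should be made to agree.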
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index eaf1767..0eeca71 100644
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@@ -77,6 +77,7 @@ hidden_proto(selinux_getenforcemode);
hidden_proto(selinux_getpolicytype);
hidden_proto(selinux_raw_to_trans_context);
hidden_proto(selinux_trans_to_raw_context);
+ hidden_proto(selinux_raw_context_to_color);
hidden_proto(security_get_initial_context);
hidden_proto(security_get_initial_context_raw);
diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c
index a02f407..922f95c 100644
--- a/libselinux/src/setrans_client.c
+++ b/libselinux/src/setrans_client.c
@@ -30,6 +30,8 @@ static __thread security_context_t prev_t2r_trans = NULL;
static __thread security_context_t prev_t2r_raw = NULL;
static __thread security_context_t prev_r2t_trans = NULL;
static __thread security_context_t prev_r2t_raw = NULL;
+static __thread char *prev_r2c_trans = NULL;
+static __thread security_context_t prev_r2c_raw = NULL;
/*
* setransd_open
@@ -212,12 +214,38 @@ static int trans_to_raw_context(char *trans, char **rawp)
return ret;
}
+static int raw_context_to_color(char *raw, char **colors)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, RAW_CONTEXT_TO_COLOR, raw, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, RAW_CONTEXT_TO_COLOR, colors, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+out:
+ close(fd);
+ return ret;
+}
+
hidden void fini_context_translations(void)
{
free(prev_r2t_trans);
free(prev_r2t_raw);
free(prev_t2r_trans);
free(prev_t2r_raw);
+ free(prev_r2c_trans);
+ free(prev_r2c_raw);
}
hidden int init_context_translations(void)
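Review bot: raw_context_to_color never initializes `*colors`, so on every non-zero return its state depends on what receive_response did, and that function is not visible in this hunk. If receive_response allocates the reply before the daemon's status is known, the `ret = ret_val;` path with a non-zero `ret_val` returns an error while `*colors` still owns memory. The caller added later in this patch then overwrites that pointer with `strdup(raw)` and leaks it. Setting `*colors = NULL;` at the top, and freeing and clearing it before returning a non-zero status, would make the ownership rule explicit. A short comment saying the caller owns `*colors` only on a zero return would also help.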
@@ -303,6 +331,39 @@ int selinux_raw_to_trans_context(security_context_t raw,
}
hidden_def(selinux_raw_to_trans_context)
+
+int selinux_raw_context_to_color(security_context_t raw, char **transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+
+ if (prev_r2c_raw && strcmp(prev_r2c_raw, raw) == 0) {
+ *transp = strdup(prev_r2c_trans);
+ } else {
+ free(prev_r2c_raw);
+ prev_r2c_raw = NULL;
+ free(prev_r2c_trans);
+ prev_r2c_trans = NULL;
+ if (raw_context_to_color(raw, transp))
+ *transp = strdup(raw);
+ if (*transp) {
+ prev_r2c_raw = strdup(raw);
+ if (!prev_r2c_raw)
+ goto out;
+ prev_r2c_trans = strdup(*transp);
+ if (!prev_r2c_trans) {
+ free(prev_r2c_raw);
+ prev_r2c_raw = NULL;
+ }
+ }
+ }
+ out:
+ return *transp ? 0 : -1;
+}
+
+hidden_def(selinux_raw_context_to_color)
#else /*DISABLE_SETRANS*/
hidden void fini_context_translations(void)
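Review bot: When raw_context_to_color() fails, `*transp = strdup(raw);` hands back the raw context string, returns 0 and caches it, so a caller expecting the documented "#rrggbb" triples gets a security context reported as success. That fallback fits label translation, but here the result decides how a sensitivity label is rendered, so an unavailable or failing mcstransd should surface as an error rather than as unparseable color data. The failure branch could instead be `if (raw_context_to_color(raw, transp)) { *transp = NULL; goto out; }`, which leaves the cache empty and returns -1 as the header comment promises. `transp` is also dereferenced without a NULL check, which should be either guarded or documented as a precondition.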
diff --git a/libselinux/src/setrans_internal.h b/libselinux/src/setrans_internal.h
index 4e04b54..f6e25b1 100644
--- a/libselinux/src/setrans_internal.h
+++ b/libselinux/src/setrans_internal.h
@@ -4,6 +4,7 @@
#define RAW_TO_TRANS_CONTEXT 2
#define TRANS_TO_RAW_CONTEXT 3
+#define RAW_CONTEXT_TO_COLOR 4
#define MAX_DATA_BUF 8192
extern int init_context_translations(void);