[PATCH] Modify audit2why analyze function to use loaded policy

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Modify audit2why analyze function to use loaded policy
@ 2016-06-03  0:19 Joshua Brindle
  2016-06-03 12:55 ` Joshua Brindle
  0 siblings, 1 reply; 2+ messages in thread
From: Joshua Brindle @ 2016-06-03  0:19 UTC (permalink / raw)
  To: selinux

Class and perms should come from the policy being used for analysis,
not the system policy so use sepol_ interfaces

Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561
---
 libselinux/src/audit2why.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 12745b3..abe1701 100644
--- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c
@@ -343,8 +343,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 	if (rc < 0)
 		RETURN(BADTCON)
 
-	tclass = string_to_security_class(tclassstr);
-	if (!tclass)
+	rc = sepol_string_to_security_class(tclassstr, &tclass);
+	if (rc < 0)
 		RETURN(BADTCLASS)
 
 	/* Convert the permission list to an AV. */
@@ -365,8 +365,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 		permstr = PyString_AsString( strObj );
 #endif
 		
-		perm = string_to_av_perm(tclass, permstr);
-		if (!perm)
+		rc = sepol_string_to_av_perm(tclass, permstr, &perm);
+		if (rc < 0)
 			RETURN(BADPERM)
 
 		av |= perm;
-- 
2.1.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] Modify audit2why analyze function to use loaded policy
  2016-06-03  0:19 [PATCH] Modify audit2why analyze function to use loaded policy Joshua Brindle
@ 2016-06-03 12:55 ` Joshua Brindle
  0 siblings, 0 replies; 2+ messages in thread
From: Joshua Brindle @ 2016-06-03 12:55 UTC (permalink / raw)
  To: selinux

Joshua Brindle wrote:
> Class and perms should come from the policy being used for analysis,
> not the system policy so use sepol_ interfaces
>

Hrm, this solved my original problem which was that I was getting the 
wrong answer back from audit2why (classes in my policy that weren't in 
the system policy can back with BADTCLASS instead of a more appropriate 
answer) but now I have a segfault so I'll try to track that down.

> Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561
> ---
>   libselinux/src/audit2why.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
> index 12745b3..abe1701 100644
> --- a/libselinux/src/audit2why.c
> +++ b/libselinux/src/audit2why.c
> @@ -343,8 +343,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
>   	if (rc<  0)
>   		RETURN(BADTCON)
>
> -	tclass = string_to_security_class(tclassstr);
> -	if (!tclass)
> +	rc = sepol_string_to_security_class(tclassstr,&tclass);
> +	if (rc<  0)
>   		RETURN(BADTCLASS)
>
>   	/* Convert the permission list to an AV. */
> @@ -365,8 +365,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
>   		permstr = PyString_AsString( strObj );
>   #endif
>   		
> -		perm = string_to_av_perm(tclass, permstr);
> -		if (!perm)
> +		rc = sepol_string_to_av_perm(tclass, permstr,&perm);
> +		if (rc<  0)
>   			RETURN(BADPERM)
>
>   		av |= perm;

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-06-03 12:56 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-03  0:19 [PATCH] Modify audit2why analyze function to use loaded policy Joshua Brindle
2016-06-03 12:55 ` Joshua Brindle

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.