* maybe a bug in SELinux: security_context_to_sid_core
From: Zhang, Ning A @ 2018-02-28 6:47 UTC
To: linux-kernel@vger.kernel.org
Hi,

Before SELinux is initialized, get scontext by secid by using:

security_secctx_to_secid() may return wrong number

eg:
security_secctx_to_secid("devnull", strlen("devnull"), &sid);

sid here will be 1

because:

in security_context_to_sid_core:

...
    if (!ss_initialized) {
        int i;

        for (i = 1; i < SECINITSID_NUM; i++) {
            if (!strcmp(initial_sid_to_string[i],
                        scontext)) {
                *sid = i;
                return 0;
            }
        }
        *sid = SECINITSID_KERNEL;
        return 0;
    }
...

and SECINITSID_DEVNULL equals SECINITSID_NUM, and it will never get
right secid for "devnull".

is this by design or bug?

BR.
Ning.
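
The loop bound discussed in the message above, as an added example that is not part of the original post or the kernel source: a user-space model with a constructed, shortened table in which SECINITSID_DEVNULL equals SECINITSID_NUM, as the post reports. The function names `lookup_exclusive` and `lookup_inclusive`, the constant values and the table contents are assumptions made for illustration.

```c
/* Added example: user-space model of the pre-initialization lookup.
 * The table and constant values are constructed (shortened), not the kernel's. */
#include <stdio.h>
#include <string.h>

#define SECINITSID_KERNEL   1
#define SECINITSID_SECURITY 2
#define SECINITSID_DEVNULL  3
#define SECINITSID_NUM      3   /* relationship reported in the post: NUM == DEVNULL */

/* Index 0 is unused, so the table holds SECINITSID_NUM + 1 entries. */
static const char *initial_sid_to_string[SECINITSID_NUM + 1] = {
    "null", "kernel", "security", "devnull",
};

/* Loop bound as quoted in the post: index SECINITSID_NUM is never compared. */
static unsigned int lookup_exclusive(const char *scontext)
{
    unsigned int i;

    for (i = 1; i < SECINITSID_NUM; i++)
        if (!strcmp(initial_sid_to_string[i], scontext))
            return i;
    return SECINITSID_KERNEL;   /* silent fallback; the caller still sees success */
}

/* Hypothetical variant with an inclusive bound, for comparison only. */
static unsigned int lookup_inclusive(const char *scontext)
{
    unsigned int i;

    for (i = 1; i <= SECINITSID_NUM; i++)
        if (!strcmp(initial_sid_to_string[i], scontext))
            return i;
    return SECINITSID_KERNEL;
}

int main(void)
{
    const char *names[] = { "kernel", "security", "devnull", "no_such_context" };
    size_t n;

    for (n = 0; n < sizeof(names) / sizeof(names[0]); n++)
        printf("%-16s exclusive=%u inclusive=%u\n", names[n],
               lookup_exclusive(names[n]), lookup_inclusive(names[n]));
    return 0;
}
```

With the exclusive bound, "devnull" and an unknown string both come back as SECINITSID_KERNEL with a success return, so a caller cannot tell the two cases apart.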
* Re: maybe a bug in SELinux: security_context_to_sid_core
From: Zhang, Ning A @ 2018-03-09 2:07 UTC
To: linux-kernel@vger.kernel.org, Roberts, William C
Hi, Bill
For the SELinux behavior below, do you know why?
BR.
Ning.
On Wed, 2018-02-28 at 14:47 +0800, Zhang Ning wrote:
> Hi,
>
> Before SELinux is initialized, get scontext by secid by using:
>
> security_secctx_to_secid() may return wrong number
>
> eg:
> security_secctx_to_secid("devnull", strlen("devnull"), &sid);
>
> sid here will be 1
>
> because:
>
> in security_context_to_sid_core:
>
> ...
>     if (!ss_initialized) {
>         int i;
>
>         for (i = 1; i < SECINITSID_NUM; i++) {
>             if (!strcmp(initial_sid_to_string[i],
>                         scontext)) {
>                 *sid = i;
>                 return 0;
>             }
>         }
>         *sid = SECINITSID_KERNEL;
>         return 0;
>     }
> ...
>
> and SECINITSID_DEVNULL equals SECINITSID_NUM, and it will never get
> right secid for "devnull".
>
> is this by design or bug?
>
> BR.
> Ning.