SELinux Mailing List

Re: [PATCH] libsepol: support the handle_unknown config flag

From: Eric Paris <eparis_at_redhat.com>
Date: Tue, 18 Sep 2007 16:11:20 -0400


On Tue, 2007-09-18 at 16:00 -0400, Stephen Smalley wrote:
> On Thu, 2007-08-23 at 16:27 -0400, Stephen Smalley wrote:
> > On Wed, 2007-08-01 at 11:52 -0400, Eric Paris wrote:
> > > Update the policydb definition to contain a handle_unknown flag. Change
> > > libsepol to copy the handle_unknown config flag from the base policy to
> > > the final binary policy. Also makes libsepol properly read and write
> > > the flag which dealing with policy modules.
> > >
> > > Signed-off-by: Eric Paris <eparis@redhat.com>
> >
> > Here is a patch on top of yours that allows you to override the base
> > module setting via semanage.conf, handle-unknown = [deny,reject,allow].
>
> Need to make a final decision on this patch - benefit is that the end
> user can alter the allow/reject/deny behavior for unknown classes/perms
> without rebuilding their base module, which is also precisely what
> worries people about it ;) Could be used by a user to select deny or
> reject if the distro defaults to allow (e.g. Fedora) for the purpose of
> "tightening" the system or to select allow if the distro defaults to
> deny or reject for the purpose of relaxing the system.

I vote 'yeah' and let's make sure the kernel audits the message correctly. If the certification types really feel we need an old and new value (still this is at policy load time) I'm sure I can find some way to do it.

-Eric
>
> >
> > ---
> >
> > libsemanage/src/conf-parse.y | 35 ++++++++++++++++++++---------
> > libsemanage/src/conf-scan.l | 1
> > libsemanage/src/semanage_conf.h | 1
> > libsemanage/src/semanage_store.c | 2 +
> > libsepol/include/sepol/policydb.h | 7 +++++
> > libsepol/include/sepol/policydb/policydb.h | 6 ++--
> > libsepol/src/policydb_public.c | 18 ++++++++++++++
> > 7 files changed, 57 insertions(+), 13 deletions(-)
> >
> > diff -X /home/sds/dontdiff -ru eric/libsemanage/src/conf-parse.y trunk/libsemanage/src/conf-parse.y
> > --- eric/libsemanage/src/conf-parse.y 2007-08-23 16:11:02.000000000 -0400
> > +++ trunk/libsemanage/src/conf-parse.y 2007-08-23 16:03:20.000000000 -0400
> > @@ -57,7 +57,7 @@
> > }
> >
> > %token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED
> > -%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON
> > +%token LOAD_POLICY_START SETFILES_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN
> > %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
> > %token PROG_PATH PROG_ARGS
> > %token <s> ARG
> > @@ -81,6 +81,7 @@
> > | save_previous
> > | save_linked
> > | disable_genhomedircon
> > + | handle_unknown
> > ;
> >
> > module_store: MODULE_STORE '=' ARG {
> > @@ -139,15 +140,28 @@
> > ;
> >
> > disable_genhomedircon: DISABLE_GENHOMEDIRCON '=' ARG {
> > - if (strcasecmp($3, "false") == 0) {
> > - current_conf->disable_genhomedircon = 0;
> > - } else if (strcasecmp($3, "true") == 0) {
> > - current_conf->disable_genhomedircon = 1;
> > - } else {
> > - yyerror("disable-genhomedircon can only be 'true' or 'false'");
> > - }
> > - free($3);
> > - }
> > + if (strcasecmp($3, "false") == 0) {
> > + current_conf->disable_genhomedircon = 0;
> > + } else if (strcasecmp($3, "true") == 0) {
> > + current_conf->disable_genhomedircon = 1;
> > + } else {
> > + yyerror("disable-genhomedircon can only be 'true' or 'false'");
> > + }
> > + free($3);
> > + }
> > +
> > +handle_unknown: HANDLE_UNKNOWN '=' ARG {
> > + if (strcasecmp($3, "deny") == 0) {
> > + current_conf->handle_unknown = SEPOL_DENY_UNKNOWN;
> > + } else if (strcasecmp($3, "reject") == 0) {
> > + current_conf->handle_unknown = SEPOL_REJECT_UNKNOWN;
> > + } else if (strcasecmp($3, "allow") == 0) {
> > + current_conf->handle_unknown = SEPOL_ALLOW_UNKNOWN;
> > + } else {
> > + yyerror("handle-unknown can only be 'deny', 'reject' or 'allow'");
> > + }
> > + free($3);
> > + }
> >
> > command_block:
> > command_start external_opts BLOCK_END {
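Review bot: the disable_genhomedircon action is deleted and re-added with only its indentation changed (the removed and added bodies are otherwise identical), which buries the one real addition in this hunk, the handle_unknown rule, in whitespace churn; drop the re-indentation or carry it in a separate whitespace-only patch so the functional change stands alone. The new rule itself follows the existing pattern (strcasecmp, yyerror, free($3)) and rejects anything other than 'deny', 'reject' or 'allow', so a typo in semanage.conf fails at parse time instead of silently falling back to some default.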
> > @@ -214,6 +228,7 @@
> > conf->store_path = strdup(basename(selinux_policy_root()));
> > conf->policyvers = sepol_policy_kern_vers_max();
> > conf->expand_check = 1;
> > + conf->handle_unknown = -1;
> > conf->file_mode = 0644;
> >
> > conf->save_previous = 0;
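Review bot: `conf->handle_unknown = -1;` is a sentinel meaning "not set in semanage.conf, keep the base module's value", but nothing on this line says so; add a comment on the assignment (and in whatever documents the semanage.conf keywords) so a later reader does not mistake -1 for an error code. This also means the field has to stay a signed int, since the three valid values are 0, 2 and 4 and the `>= 0` guard in semanage_store.c depends on -1 being representable.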
> > diff -X /home/sds/dontdiff -ru eric/libsemanage/src/conf-scan.l trunk/libsemanage/src/conf-scan.l
> > --- eric/libsemanage/src/conf-scan.l 2007-08-23 16:11:02.000000000 -0400
> > +++ trunk/libsemanage/src/conf-scan.l 2007-08-23 15:53:28.000000000 -0400
> > @@ -45,6 +45,7 @@
> > save-previous return SAVE_PREVIOUS;
> > save-linked return SAVE_LINKED;
> > disable-genhomedircon return DISABLE_GENHOMEDIRCON;
> > +handle-unknown return HANDLE_UNKNOWN;
> > "[load_policy]" return LOAD_POLICY_START;
> > "[setfiles]" return SETFILES_START;
> > "[verify module]" return VERIFY_MOD_START;
> > diff -X /home/sds/dontdiff -ru eric/libsemanage/src/semanage_conf.h trunk/libsemanage/src/semanage_conf.h
> > --- eric/libsemanage/src/semanage_conf.h 2007-08-23 16:11:02.000000000 -0400
> > +++ trunk/libsemanage/src/semanage_conf.h 2007-08-23 15:53:53.000000000 -0400
> > @@ -38,6 +38,7 @@
> > int save_previous;
> > int save_linked;
> > int disable_genhomedircon;
> > + int handle_unknown;
> > mode_t file_mode;
> > struct external_prog *load_policy;
> > struct external_prog *setfiles;
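Review bot: `int handle_unknown;` is added with no comment, unlike the meaning of the value being non-obvious; document the accepted values (SEPOL_DENY_UNKNOWN, SEPOL_REJECT_UNKNOWN, SEPOL_ALLOW_UNKNOWN, or -1 for "inherit from the base module") next to the field, because semanage_store.c relies on that -1 convention.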
> > diff -X /home/sds/dontdiff -ru eric/libsemanage/src/semanage_store.c trunk/libsemanage/src/semanage_store.c
> > --- eric/libsemanage/src/semanage_store.c 2007-08-23 16:11:02.000000000 -0400
> > +++ trunk/libsemanage/src/semanage_store.c 2007-08-23 16:21:53.000000000 -0400
> > @@ -1619,6 +1619,8 @@
> > ERR(sh, "Unknown/Invalid policy version %d.", policyvers);
> > goto err;
> > }
> > + if (sh->conf->handle_unknown >= 0)
> > + sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown);
> >
> > *policydb = out;
> > return STATUS_SUCCESS;
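Review bot: the return value of sepol_policydb_set_handle_unknown() is discarded on the new line even though the function returns -1 for any value outside deny/reject/allow. The yacc action makes that unreachable today, but the policy-version check directly above reports the error and jumps to err on failure, so do the same here for consistency and future-proofing: `if (sepol_policydb_set_handle_unknown(out, sh->conf->handle_unknown) < 0) { ERR(sh, "Invalid handle_unknown value %d.", sh->conf->handle_unknown); goto err; }`.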
> > diff -X /home/sds/dontdiff -ru eric/libsepol/include/sepol/policydb/policydb.h trunk/libsepol/include/sepol/policydb/policydb.h
> > --- eric/libsepol/include/sepol/policydb/policydb.h 2007-08-23 16:11:32.000000000 -0400
> > +++ trunk/libsepol/include/sepol/policydb/policydb.h 2007-08-23 15:36:06.000000000 -0400
> > @@ -602,9 +602,9 @@
> > #define POLICYDB_CONFIG_MLS 1
> >
> > /* the config flags related to unknown classes/perms are bits 2 and 3 */
> > -#define DENY_UNKNOWN 0x00000000
> > -#define REJECT_UNKNOWN 0x00000002
> > -#define ALLOW_UNKNOWN 0x00000004
> > +#define DENY_UNKNOWN SEPOL_DENY_UNKNOWN
> > +#define REJECT_UNKNOWN SEPOL_REJECT_UNKNOWN
> > +#define ALLOW_UNKNOWN SEPOL_ALLOW_UNKNOWN
> >
> > #define POLICYDB_CONFIG_UNKNOWN_MASK (DENY_UNKNOWN | REJECT_UNKNOWN | ALLOW_UNKNOWN)
> >
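Review bot: DENY_UNKNOWN, REJECT_UNKNOWN and ALLOW_UNKNOWN now expand to SEPOL_* macros that are defined in the public <sepol/policydb.h>, so this internal header silently depends on that header having been included first by every translation unit that uses these names; either include it here explicitly or keep the literal 0/2/4 values and add a compile-time check that the two sets agree.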
> > diff -X /home/sds/dontdiff -ru eric/libsepol/include/sepol/policydb.h trunk/libsepol/include/sepol/policydb.h
> > --- eric/libsepol/include/sepol/policydb.h 2007-08-23 16:11:04.000000000 -0400
> > +++ trunk/libsepol/include/sepol/policydb.h 2007-08-23 16:27:02.000000000 -0400
> > @@ -83,6 +83,13 @@
> > */
> > extern int sepol_policydb_set_vers(sepol_policydb_t * p, unsigned int vers);
> >
> > +/* Set how to handle unknown class/perms. */
> > +#define SEPOL_DENY_UNKNOWN 0
> > +#define SEPOL_REJECT_UNKNOWN 2
> > +#define SEPOL_ALLOW_UNKNOWN 4
> > +extern int sepol_policydb_set_handle_unknown(sepol_policydb_t * p,
> > + unsigned int handle_unknown);
> > +
> > /*
> > * Read a policydb from a policy file.
> > * This automatically sets the type and version based on the
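Review bot: the comment on the new setter does not say what it returns; document that it returns 0 on success and -1 when handle_unknown is not one of the three SEPOL_*_UNKNOWN constants. A matching sepol_policydb_get_handle_unknown() would also be useful so that callers such as semanage can read the effective setting back through the public API instead of reaching into the internal struct.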
> > diff -X /home/sds/dontdiff -ru eric/libsepol/src/policydb_public.c trunk/libsepol/src/policydb_public.c
> > --- eric/libsepol/src/policydb_public.c 2007-08-23 16:11:04.000000000 -0400
> > +++ trunk/libsepol/src/policydb_public.c 2007-08-23 16:27:40.000000000 -0400
> > @@ -134,6 +134,24 @@
> > return 0;
> > }
> >
> > +int sepol_policydb_set_handle_unknown(sepol_policydb_t * sp,
> > + unsigned int handle_unknown)
> > +{
> > + struct policydb *p = &sp->p;
> > +
> > + switch (handle_unknown) {
> > + case SEPOL_DENY_UNKNOWN:
> > + case SEPOL_REJECT_UNKNOWN:
> > + case SEPOL_ALLOW_UNKNOWN:
> > + break;
> > + default:
> > + return -1;
> > + }
> > +
> > + p->handle_unknown = handle_unknown;
> > + return 0;
> > +}
> > +
> > int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
> > {
> > return policydb_read(&p->p, &pf->pf, 0);
> >
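Review bot: the switch correctly restricts the value to exactly one of 0, 2 or 4, which matters because the flag is later merged into the config word under POLICYDB_CONFIG_UNKNOWN_MASK and a value such as 6 would set both the reject and the allow bit at once. The bare `return -1` gives the caller no message, though; when this is reached from semanage the user will only see a generic failure, so reporting the invalid value through the library's error path (or at least documenting that -1 means "invalid handle_unknown value") would help.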

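As an added example, not code from this thread, from libsemanage or from libsepol, here is a stand-alone C sketch of the precedence Stephen describes above: a `handle-unknown` line in semanage.conf overrides the flag carried by the base module when present, and the base module's value is kept when the key is absent. The constant values (0, 2, 4) and the case-insensitive keyword matching mirror the patch; the parsing helpers, the packing into a config word and the constructed config text are hypothetical and mine.

```c
/* Added example: reimplements the handle-unknown override logic discussed
 * in the thread. Not libsemanage/libsepol code; only the constant values
 * (0, 2, 4) and the deny/reject/allow keywords are taken from the patch. */
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp, as used by the yacc action */
#include <stdint.h>

#define HU_DENY   0u   /* neither bit set: kernel denies unknown class/perm */
#define HU_REJECT 2u   /* kernel refuses to load a policy with unknowns   */
#define HU_ALLOW  4u   /* unknown class/perm checks succeed               */
#define HU_MASK   (HU_DENY | HU_REJECT | HU_ALLOW)
#define HU_UNSET  (-1) /* sentinel: key absent, inherit base module value */

/* Value part of "handle-unknown = <arg>": case-insensitive, three keywords.
 * Returns the mode, or -1 for anything else (the real parser calls yyerror). */
static int parse_handle_unknown(const char *arg)
{
    if (strcasecmp(arg, "deny") == 0)   return HU_DENY;
    if (strcasecmp(arg, "reject") == 0) return HU_REJECT;
    if (strcasecmp(arg, "allow") == 0)  return HU_ALLOW;
    return -1;
}

/* Scan a semanage.conf-style buffer for the handle-unknown key.
 * Returns HU_UNSET when the key is absent, -2 on an invalid value,
 * otherwise the last valid assignment seen (hypothetical minimal scanner). */
static int conf_handle_unknown(const char *conf)
{
    const char *key = "handle-unknown";
    int result = HU_UNSET;
    const char *line = conf;

    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        char buf[128];
        if (len >= sizeof buf) len = sizeof buf - 1;
        memcpy(buf, line, len);
        buf[len] = '\0';

        char *p = buf;
        while (*p == ' ' || *p == '\t') p++;
        if (*p != '#' && strncmp(p, key, strlen(key)) == 0) {
            p += strlen(key);
            while (*p == ' ' || *p == '\t') p++;
            if (*p == '=') {
                p++;
                while (*p == ' ' || *p == '\t') p++;
                char *q = p + strlen(p);
                while (q > p && (q[-1] == ' ' || q[-1] == '\t' || q[-1] == '\r'))
                    *--q = '\0';
                int v = parse_handle_unknown(p);
                result = (v < 0) ? -2 : v;
            }
        }
        if (!end) break;
        line = end + 1;
    }
    return result;
}

/* Effective flag for the kernel policy: a valid semanage.conf override wins,
 * otherwise the base module's bits are kept (the `>= 0` guard in the patch). */
static unsigned int effective_handle_unknown(unsigned int base_flag, int conf_override)
{
    if (conf_override == HU_DENY || conf_override == HU_REJECT ||
        conf_override == HU_ALLOW)
        return (unsigned int)conf_override;
    return base_flag & HU_MASK;
}

/* Merge into a policydb config word: bit 0 is the MLS flag, the unknown
 * handling lives under HU_MASK. Hypothetical layout following the header. */
static uint32_t pack_config(int mls, unsigned int handle_unknown)
{
    return (mls ? 1u : 0u) | (handle_unknown & HU_MASK);
}

static const char *describe(uint32_t config)
{
    switch (config & HU_MASK) {
    case HU_DENY:   return "deny";
    case HU_REJECT: return "reject";
    case HU_ALLOW:  return "allow";
    default:        return "invalid"; /* both bits set: rejected by the setter */
    }
}

int main(void)
{
    /* Constructed config: a distro that ships an 'allow' base module, tightened
     * by the administrator to 'deny' in semanage.conf. */
    const char *conf = "module-store = direct\n"
                       "# handle-unknown = allow\n"
                       "handle-unknown = Deny\n";
    int override = conf_handle_unknown(conf);
    unsigned int eff = effective_handle_unknown(HU_ALLOW, override);
    printf("override=%d effective=%s\n", override, describe(pack_config(1, eff)));
    return 0;
}
```

The scanner keeps the last valid assignment and flags an invalid one, so a misspelled value never silently leaves the distro's `allow` in place; in the real parser that case stops the parse with yyerror.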
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Tue 18 Sep 2007 - 16:11:39 EDT
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

National Security Agency / Central Security Service