From patchwork Sat Apr 30 07:58:10 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Zaman X-Patchwork-Id: 8986681 Received: from localhost ([2404:e800:e600:38b:e5d4:5e0:f7e0:81be]) by smtp.gmail.com with ESMTPSA id 
5sm28992516pfn.46.2016.04.30.00.59.04 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 30 Apr 2016 00:59:04 -0700 (PDT) From: Jason Zaman To: selinux@tycho.nsa.gov Subject: [PATCH v4 5/7] genhomedircon: make USERID, USERNAME context lists Date: Sat, 30 Apr 2016 15:58:10 +0800 Message-Id: <1462003092-4611-6-git-send-email-jason@perfinion.com> X-Mailer: git-send-email 2.7.3 In-Reply-To: <1462003092-4611-1-git-send-email-jason@perfinion.com> References: <1462003092-4611-1-git-send-email-jason@perfinion.com> X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Cc: sds@tycho.nsa.gov MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RP_MATCHES_RCVD, T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Signed-off-by: Jason Zaman --- libsemanage/src/genhomedircon.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c index 46808d8..b299656 100644 --- a/libsemanage/src/genhomedircon.c +++ b/libsemanage/src/genhomedircon.c @@ -73,8 +73,13 @@ which are searched for and replaced */ #define TEMPLATE_HOME_ROOT "HOME_ROOT" #define TEMPLATE_HOME_DIR "HOME_DIR" +/* these are legacy */ #define TEMPLATE_USER "USER" #define TEMPLATE_ROLE "ROLE" +/* new names */ +#define TEMPLATE_USERNAME "%{USERNAME}" +#define TEMPLATE_USERID "%{USERID}" + #define TEMPLATE_SEUSER "system_u" #define TEMPLATE_LEVEL "s0" 
@@ -463,8 +468,21 @@ static int HOME_DIR_PRED(const char *string) return semanage_is_prefix(string, TEMPLATE_HOME_DIR); } +/* new names */ +static int USERNAME_CONTEXT_PRED(const char *string) +{ + return (int)( + (strstr(string, TEMPLATE_USERNAME) != NULL) || + (strstr(string, TEMPLATE_USERID) != NULL) + ); +} + +/* This will never match USER if USERNAME or USERID are found. */ static int USER_CONTEXT_PRED(const char *string) { + if (USERNAME_CONTEXT_PRED(string)) + return 0; + return (int)(strstr(string, TEMPLATE_USER) != NULL); } @@ -950,16 +968,21 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) { semanage_list_t *homedirs = NULL; semanage_list_t *h = NULL; - semanage_list_t *user_context_tpl = NULL; semanage_list_t *homedir_context_tpl = NULL; semanage_list_t *homeroot_context_tpl = NULL; + semanage_list_t *username_context_tpl = NULL; + semanage_list_t *user_context_tpl = NULL; int retval = STATUS_SUCCESS; homedir_context_tpl = make_template(s, &HOME_DIR_PRED); homeroot_context_tpl = make_template(s, &HOME_ROOT_PRED); + username_context_tpl = make_template(s, &USERNAME_CONTEXT_PRED); user_context_tpl = make_template(s, &USER_CONTEXT_PRED); - if (!homedir_context_tpl && !homeroot_context_tpl && !user_context_tpl) + if (!homedir_context_tpl + && !homeroot_context_tpl + && !username_context_tpl + && !user_context_tpl) goto done; if (write_file_context_header(out) != STATUS_SUCCESS) { @@ -1028,6 +1051,7 @@ static int write_context_file(genhomedircon_settings_t * s, FILE * out) done: /* Cleanup */ semanage_list_destroy(&homedirs); + semanage_list_destroy(&username_context_tpl); semanage_list_destroy(&user_context_tpl); semanage_list_destroy(&homedir_context_tpl); semanage_list_destroy(&homeroot_context_tpl);
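Review bot: In the @@ -73 hunk, the new TEMPLATE_USERNAME and TEMPLATE_USERID values use a %{...} delimiter while HOME_ROOT, HOME_DIR, USER and ROLE stay bare words, and nothing documents the new syntax. Please extend the existing block comment above the defines (the one ending "which are searched for and replaced") to say that %{USERNAME} and %{USERID} are the preferred forms and what each one expands to. The "/* these are legacy */" comment also sits above both TEMPLATE_USER and TEMPLATE_ROLE, but this patch adds no new-style replacement for ROLE; either say that ROLE is legacy as well or move the comment so it covers only USER.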
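Review bot: In the @@ -463 hunk, USER_CONTEXT_PRED now returns 0 for any line that contains %{USERNAME} or %{USERID}, so a template line mixing a legacy USER token with a new-style token is silently classified into the new list only. The comment "This will never match USER if USERNAME or USERID are found." should state why the early return is needed (the string "USER" is a substring of both new tokens, so the strstr() on TEMPLATE_USER would otherwise match them) and whether mixing legacy and new tokens on one line is supported. Minor style point: the (int) cast in USERNAME_CONTEXT_PRED is redundant, since || already yields an int.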
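Review bot: In the @@ -950 hunk of write_context_file(), username_context_tpl is built by make_template() and counted in the early-exit test, and the @@ -1028 hunk destroys it, but none of the visible lines ever write it out. Together with the USER_CONTEXT_PRED change, lines containing %{USERNAME} or %{USERID} no longer land in user_context_tpl, so if the code that consumes the new list only arrives in a later patch of the series, this patch applied on its own would drop those lines from the generated file and break bisection. Either add the consumer here or say in the commit message which patch adds it; the message currently has no body beyond the Signed-off-by.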