From patchwork Thu Apr 28 20:02:38 2016
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 8974391
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Cc: jwcart2@tycho.ns.gov, Stephen Smalley
Subject: [PATCH 1/2] libsepol: Only apply bounds checking to source types in rules
Date: Thu, 28 Apr 2016 16:02:38 -0400
Message-Id: <1461873759-29136-1-git-send-email-sds@tycho.nsa.gov>
X-Mailer: git-send-email 2.5.5

The current bounds checking of both source and target types requires
allowing any domain that has access to the child domain to also have
the same permissions to the parent, which is undesirable.
Drop the target bounds checking.

Making this change fully functional requires a corresponding kernel
change; this change only allows one to build policies that would
otherwise violate the bounds checking on target type. The kernel
change is required to allow the permissions at runtime.

Signed-off-by: Stephen Smalley
---
 libsepol/src/hierarchy.c | 26 --------------------------
 1 file changed, 26 deletions(-)

diff --git a/libsepol/src/hierarchy.c b/libsepol/src/hierarchy.c
index 6f73195..ba65978 100644
--- a/libsepol/src/hierarchy.c
+++ b/libsepol/src/hierarchy.c
@@ -329,32 +329,6 @@ static int bounds_check_rule(sepol_handle_t *handle, policydb_t *p, if (rc) goto exit; } } - if (ebitmap_get_bit(&p->attr_type_map[tgt - 1], child - 1)) { - avtab_key.target_type = parent; - ebitmap_for_each_bit(&p->attr_type_map[src - 1], tnode, i) { - if (!ebitmap_node_get_bit(tnode, i)) - continue; - avtab_key.source_type = i + 1; - if (avtab_key.source_type == child) { - /* Checked above */ - continue; - } - d = bounds_not_covered(global_avtab, cur_avtab, - &avtab_key, data); - if (!d) continue; - td = p->type_val_to_struct[i]; - if (td && td->bounds) { - avtab_key.source_type = td->bounds; - d = bounds_not_covered(global_avtab, cur_avtab, - &avtab_key, data); - if (!d) continue; - } - (*numbad)++; - rc = bounds_add_bad(handle, i+1, child, class, d, bad); - if (rc) goto exit; - } - } - exit: return rc; }
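Review bot: with the target-side loop gone, please confirm that the parameter `tgt` and the locals the removed block referenced (`td`, `tnode`, `i`, `d`) still have a user in the surviving source-type check above this hunk, otherwise the build picks up unused-parameter/unused-variable warnings; the remaining context `if (rc) goto exit; } }` followed by `exit: return rc; }` shows the `exit:` label and the `rc` path are still reachable, so no further cleanup is needed there. It would also help to leave a one-line comment at the point of removal stating that target-type bounds are intentionally not checked in the compiler and that runtime enforcement relies on the matching kernel change, since the commit message is now the only record of that decision and readers of hierarchy.c will not see it.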
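To make the commit message's point concrete, the following is an added Python model of the two checks it contrasts: the source-type bounds check the patch keeps and the target-type check the hunk removes. It is illustration written for this page, not libsepol code and not part of the patch or the mailing-list message; the type names, allow rules and bounds map are constructed sample data, and the function names are the editor's own. The source check here is a plain lookup because the page does not show that part of the function; the target check follows the removed hunk, including its single retry with the source type's own bounds parent.

```python
"""Toy model of the type-bounds check a policy compiler performs on allow rules.

Added illustration, not libsepol code. Rule tuples, type names and the bounds
map are constructed sample data. It models the source-type check (kept by the
patch) and the target-type check (removed by the patch).
"""
from collections import defaultdict


def build_avtab(rules):
    """Collapse (src, tgt, cls, perms) tuples into {(src, tgt, cls): set(perms)}."""
    avtab = defaultdict(set)
    for src, tgt, cls, perms in rules:
        avtab[(src, tgt, cls)] |= set(perms)
    return dict(avtab)


def missing_perms(avtab, src, tgt, cls, perms):
    """Permissions in `perms` that no rule grants to (src, tgt, cls).

    Plays the role of bounds_not_covered() in the hunk: an empty result means
    the candidate rule already covers everything the bounded type was given.
    """
    return set(perms) - avtab.get((src, tgt, cls), set())


def bounds_violations(rules, bounds, check_target=False):
    """Return [(rule_key, side, missing)] for rules that escape their bounds.

    Source check (kept by the patch): a rule whose source is a bounded child
    must be covered by the same rule with the parent as source.
    Target check (removed by the patch): a rule whose target is a bounded child
    must be covered by the same rule with the parent as target, for the same
    source. As in the removed hunk, the source's own bounds parent is tried
    once before the rule is reported.
    """
    avtab = build_avtab(rules)
    bad = []
    for (src, tgt, cls), perms in avtab.items():
        if src in bounds:
            missing = missing_perms(avtab, bounds[src], tgt, cls, perms)
            if missing:
                bad.append(((src, tgt, cls), "source", frozenset(missing)))
        if check_target and tgt in bounds:
            parent_tgt = bounds[tgt]
            missing = missing_perms(avtab, src, parent_tgt, cls, perms)
            if missing and src in bounds:
                # Retry with the source's parent, mirroring td->bounds in the hunk.
                missing = missing_perms(avtab, bounds[src], parent_tgt, cls, perms)
            if missing:
                bad.append(((src, tgt, cls), "target", frozenset(missing)))
    return bad


# Constructed sample policy: child_d is bounded by parent_d, and web_t is a
# third domain that has been granted one permission on child_d only.
BOUNDS = {"child_d": "parent_d"}
RULES = [
    ("parent_d", "etc_t", "file", ["read"]),
    ("child_d", "etc_t", "file", ["read"]),       # covered by parent_d
    ("child_d", "tmp_t", "file", ["write"]),      # parent_d lacks this: a real violation
    ("web_t", "child_d", "process", ["signal"]),  # only the target check complains
]


def demo():
    """Violations under the old (source+target) and new (source-only) checks."""
    old = bounds_violations(RULES, BOUNDS, check_target=True)
    new = bounds_violations(RULES, BOUNDS, check_target=False)
    return old, new


if __name__ == "__main__":
    old, new = demo()
    print("source+target check:", old)
    print("source-only check:  ", new)
```

Running it shows the asymmetry the commit message objects to: the source-only check flags just `child_d` writing `tmp_t`, which its parent cannot do, while the target check additionally flags `web_t`'s access to `child_d`, and the only way to satisfy that check is to grant `web_t` the same `signal` permission on `parent_d`.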