From patchwork Fri May 22 14:50:37 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 11565825
Return-Path: <SRS0=crGG=7E=vger.kernel.org=selinux-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8629D14B7
	for <patchwork-selinux@patchwork.kernel.org>;
 Fri, 22 May 2020 14:55:01 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 6E668221FF
	for <patchwork-selinux@patchwork.kernel.org>;
 Fri, 22 May 2020 14:55:01 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="a5ICSpTl"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730942AbgEVOzA (ORCPT
        <rfc822;patchwork-selinux@patchwork.kernel.org>);
        Fri, 22 May 2020 10:55:00 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57172 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1730973AbgEVOvV (ORCPT
        <rfc822;selinux@vger.kernel.org>); Fri, 22 May 2020 10:51:21 -0400
Received: from mail-qt1-x844.google.com (mail-qt1-x844.google.com
 [IPv6:2607:f8b0:4864:20::844])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8742C061A0E
        for <selinux@vger.kernel.org>; Fri, 22 May 2020 07:51:20 -0700 (PDT)
Received: by mail-qt1-x844.google.com with SMTP id o19so8425364qtr.10
        for <selinux@vger.kernel.org>; Fri, 22 May 2020 07:51:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=oyYWC7FPAvQijXlFvBDt4Oz/D+XQzVCnV+3M5WKDh4w=;
        b=a5ICSpTlr3afa82CNP5nKSHZ6f241Iz4vDdUAcr2Uu6NS92ZaQ4YjiliU1cSq6E3tK
         zIPU0ew9IrRjMsbmpI10vdsXN/yg9qdsFyyucjvKdRekTZeppB7rzmmunyr3aMGyYbWT
         eP2LxaikJOT/HNGLygh5VZCMU4hWDJJiopSmR7vYg/S/O+bh6U10DfDhQ258Vyzj9ATH
         QMUefGoTxQ+5Kcftgmf6ZQRN1Q5/088YVO56JSIGqXSXFoYBit4pODbHmebFfjval0X8
         pmdyn5/VOmmcUM6QrM+iyVmB6t2kgfrcMojHskZIeRAKliIfth07AG8kdo+31BiqCND6
         LztQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=oyYWC7FPAvQijXlFvBDt4Oz/D+XQzVCnV+3M5WKDh4w=;
        b=B3bZoiZ11+L4Uu8gXi/Use89Vc7kIMFSU3xqx49fvKa9cvmNCFyeqM9n8M2B/TYKLo
         ZLmf13w5hMOgUfNHOA7G4EI1EkxEsxekzx8VHHgv97q40a2RlxhwJtDEdweRNo6Ixavl
         32DDFXgSX6P+0p2V+z9Qkos/0HJIv9vys8dYjmV/jBKaIP7rUi2oGmgmLY0i00+twxGz
         ng0Y9AV1isHwKhsW+4AU8HVCHHRF2FeTKawv5TtO48lwEpR2b29Hvz0i++pB0mgBVarj
         TGz/bffrmgBrLdEPx5AmgoPDMqiKgLJTYrOirPHJYnsHFRLfrY6QH7i2HQRDPxQGMbj6
         FpAQ==
X-Gm-Message-State: AOAM533epSjsL25h4wuV1HfUII7ARoq1Hy/Pa51glUcqSkQrGoL9YuxM
        /H4zvCkQ+KtrQu0ymJE75mUEryhxGa8=
X-Google-Smtp-Source: 
 ABdhPJw/iIK+8wk/As9fN/K29Ch8r1Ei3T9b6wJbM+x3GFRoNvpjbnGFr0VjyYteyWnlRX2rMoLqSg==
X-Received: by 2002:ac8:6c54:: with SMTP id z20mr16040971qtu.76.1590159079409;
        Fri, 22 May 2020 07:51:19 -0700 (PDT)
Received: from localhost.localdomain
 (pool-71-166-99-106.bltmmd.east.verizon.net. [71.166.99.106])
        by smtp.gmail.com with ESMTPSA id
 v69sm3668805qkb.96.2020.05.22.07.51.10
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 May 2020 07:51:18 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: James Carter <jwcart2@gmail.com>
Subject: [PATCH v3 1/2] libsepol: Fix type alias handling in kernel_to_cil
Date: Fri, 22 May 2020 10:50:37 -0400
Message-Id: <20200522145038.194209-1-jwcart2@gmail.com>
X-Mailer: git-send-email 2.25.4
MIME-Version: 1.0
Sender: selinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Type alias rules are not written out when converting a binary kernel
policy to CIL. The problem is that type aliases are not in the
type_val_to_struct array and that is what is being used to find the
aliases.

Since type aliases are only in the types hashtable, walk that to
find the type aliases.

Fixes: 70a480bfcd46214a ("libsepol: Add ability to convert binary
       policy to CIL")

Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2: No changes
v3: Add "__attribute__((unused))" to unused parameters as suggested by
    Nicolas Iooss

 libsepol/src/kernel_to_cil.c | 44 +++++++++++++++++++++++++++---------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index ede78a20..9acf2ec2 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -1367,33 +1367,55 @@ exit:
 	return rc;
 }
 
+static int map_count_type_aliases(__attribute__((unused)) char *key, void *data, void *args)
+{
+	type_datum_t *datum = data;
+	unsigned *count = args;
+
+	if (datum->primary == 0 && datum->flavor == TYPE_TYPE)
+		(*count)++;
+
+	return SEPOL_OK;
+}
+
+static int map_type_aliases_to_strs(char *key, void *data, void *args)
+{
+	type_datum_t *datum = data;
+	struct strs *strs = args;
+	int rc = 0;
+
+	if (datum->primary == 0 && datum->flavor == TYPE_TYPE)
+		rc = strs_add(strs, key);
+
+	return rc;
+}
+
 static int write_type_alias_rules_to_cil(FILE *out, struct policydb *pdb)
 {
 	type_datum_t *alias;
 	struct strs *strs;
 	char *name;
 	char *type;
-	unsigned i, num;
+	unsigned i, num = 0;
 	int rc = 0;
 
-	rc = strs_init(&strs, pdb->p_types.nprim);
+	rc = hashtab_map(pdb->p_types.table, map_count_type_aliases, &num);
 	if (rc != 0) {
 		goto exit;
 	}
 
-	for (i=0; i < pdb->p_types.nprim; i++) {
-		alias = pdb->type_val_to_struct[i];
-		if (!alias->primary) {
-			rc = strs_add(strs, pdb->p_type_val_to_name[i]);
-			if (rc != 0) {
-				goto exit;
-			}
-		}
+	rc = strs_init(&strs, num);
+	if (rc != 0) {
+		goto exit;
+	}
+
+	rc = hashtab_map(pdb->p_types.table, map_type_aliases_to_strs, strs);
+	if (rc != 0) {
+		goto exit;
 	}
 
 	strs_sort(strs);
 
-	num = strs_num_items(strs);
 	for (i=0; i<num; i++) {
 		name = strs_read_at_index(strs, i);
 		if (!name) {

From patchwork Fri May 22 14:50:38 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 11565823
Return-Path: <SRS0=crGG=7E=vger.kernel.org=selinux-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AAE8213B4
	for <patchwork-selinux@patchwork.kernel.org>;
 Fri, 22 May 2020 14:54:33 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 93799221FF
	for <patchwork-selinux@patchwork.kernel.org>;
 Fri, 22 May 2020 14:54:33 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com
 header.b="CElpIbg4"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731031AbgEVOvc (ORCPT
        <rfc822;patchwork-selinux@patchwork.kernel.org>);
        Fri, 22 May 2020 10:51:32 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57200 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731019AbgEVOvb (ORCPT
        <rfc822;selinux@vger.kernel.org>); Fri, 22 May 2020 10:51:31 -0400
Received: from mail-qt1-x843.google.com (mail-qt1-x843.google.com
 [IPv6:2607:f8b0:4864:20::843])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0D878C061A0E
        for <selinux@vger.kernel.org>; Fri, 22 May 2020 07:51:31 -0700 (PDT)
Received: by mail-qt1-x843.google.com with SMTP id i68so8471389qtb.5
        for <selinux@vger.kernel.org>; Fri, 22 May 2020 07:51:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=5suHV3ldz+ePJT8SlrfPszOmzWrcmHMd0my/IAdhEX8=;
        b=CElpIbg4NkWdE92srFRDXKp8tsYpWJisQpKo7nnujNA3hTj5CLt4UESHf5yYhmCT6S
         Docjeq6tvEbWz+z0rFQWC5DDJpiJ264DI+4vv5CONOCfatKltxZLIZdoJI3eOXevDwUV
         Fm+Y7WQU4YkFfnon7DHrylYaK4J9ELWeHPAmaIKUa5z66OoJortwoSncRI/VO/SQCQEN
         Zzt9fVNzGTgxAuD1gGYz4Cn/kEcimfCu6UJV+yGZeEgfEVKFJg7wHiI4LDIfLFmnlU2E
         byygSyJRTUjYV8f1BcaEi8YpEvMjTjw4Ozff3svau70L+gtpTkGPUfcOT9WDzo0mpYkc
         QiNw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=5suHV3ldz+ePJT8SlrfPszOmzWrcmHMd0my/IAdhEX8=;
        b=a8fQ1+IxSCA9gBNZQE+U877cqnGvuGTbGHzJXSG4HOYu6qGYwdhszw9jb7nGSVGDBd
         NB+8oCFpk5syOozCKFBrVdMZKoPYhGJErA3i1bBs+K4ph8YrE8SpixZbHNN13+PBuhzT
         BVOVpqjlStJlPAVpkZouKnBS6j9ja7UYLiBgAh4+pAdFuVibrUAj5qy4fCOPkjDlmnT6
         6+TgBQoPo/g+mB3kRSK1gan6c6AaH44yqY+WWIlHIW/H0I2UWX2pOi9Dm74B6pagGyXj
         ftz6hjpeiDvbbRM+FJckowrqfzSJ4BtN88/q7NKssPFtXY2Nj6AqeV1xG6FklxLpCMiw
         g1wQ==
X-Gm-Message-State: AOAM530MhKIiVkiq1mnO1n0/v9GHC8UGIkG2tFopL+w8a/vQv5QSTDAY
        +ohGcDZ9FeQQY/+ZYuhbnwSsRnRqJgI=
X-Google-Smtp-Source: 
 ABdhPJz9LMg2IUUQAidXsQzmWGTYgHaEv/nIO9nZVfzn6sFRSRcsKRUPRenCmC4C384UOxpNQcYcVg==
X-Received: by 2002:ac8:3292:: with SMTP id z18mr15359188qta.32.1590159090112;
        Fri, 22 May 2020 07:51:30 -0700 (PDT)
Received: from localhost.localdomain
 (pool-71-166-99-106.bltmmd.east.verizon.net. [71.166.99.106])
        by smtp.gmail.com with ESMTPSA id
 v69sm3668805qkb.96.2020.05.22.07.51.27
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 22 May 2020 07:51:29 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: James Carter <jwcart2@gmail.com>
Subject: [PATCH v3 2/2] libsepol: Fix type alias handling in kernel_to_conf
Date: Fri, 22 May 2020 10:50:38 -0400
Message-Id: <20200522145038.194209-2-jwcart2@gmail.com>
X-Mailer: git-send-email 2.25.4
In-Reply-To: <20200522145038.194209-1-jwcart2@gmail.com>
References: <20200522145038.194209-1-jwcart2@gmail.com>
MIME-Version: 1.0
Sender: selinux-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Type alias rules are not written out when converting a binary kernel
policy to a policy.conf. The problem is that type aliases are not in
the type_val_to_struct array and that is what is being used to find
the aliases.

Since type aliases are only in the types hashtable, walk that to
find the type aliases.

Fixed the syntax of the typalias rule which requires "alias" to come
between the type and the aliases (ex/ typealias TYPE alias ALIAS;).

Fixes: 0a08fd1e69797d6a ("libsepol: Add ability to convert binary
       policy to policy.conf file")

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
v2: Fix typealias syntax
v3: Add "__attribute__((unused))" to unused parameters as suggested by
    Nicolas Iooss

 libsepol/src/kernel_to_conf.c | 47 +++++++++++++++++++++++++----------
 1 file changed, 34 insertions(+), 13 deletions(-)

diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 9de64832..046d76a4 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -1353,34 +1353,55 @@ exit:
 	return rc;
 }
 
+static int map_count_type_aliases(__attribute__((unused)) char *key, void *data, void *args)
+{
+	type_datum_t *datum = data;
+	unsigned *count = args;
+
+	if (datum->primary == 0 && datum->flavor == TYPE_TYPE)
+		(*count)++;
+
+	return SEPOL_OK;
+}
+
+static int map_type_aliases_to_strs(char *key, void *data, void *args)
+{
+	type_datum_t *datum = data;
+	struct strs *strs = args;
+	int rc = 0;
+
+	if (datum->primary == 0 && datum->flavor == TYPE_TYPE)
+		rc = strs_add(strs, key);
+
+	return rc;
+}
+
 static int write_type_alias_rules_to_conf(FILE *out, struct policydb *pdb)
 {
 	type_datum_t *alias;
 	struct strs *strs;
 	char *name;
 	char *type;
-	unsigned i, num;
+	unsigned i, num = 0;
 	int rc = 0;
 
-	rc = strs_init(&strs, pdb->p_types.nprim);
+	rc = hashtab_map(pdb->p_types.table, map_count_type_aliases, &num);
 	if (rc != 0) {
 		goto exit;
 	}
 
-	for (i=0; i < pdb->p_types.nprim; i++) {
-		alias = pdb->type_val_to_struct[i];
-		if (!alias->primary) {
-			rc = strs_add(strs, pdb->p_type_val_to_name[i]);
-			if (rc != 0) {
-				goto exit;
-			}
-		}
+	rc = strs_init(&strs, num);
+	if (rc != 0) {
+		goto exit;
 	}
 
+	rc = hashtab_map(pdb->p_types.table, map_type_aliases_to_strs, strs);
+	if (rc != 0) {
+		goto exit;
+	}
+	
 	strs_sort(strs);
 
-	num = strs_num_items(strs);
-
 	for (i=0; i<num; i++) {
 		name = strs_read_at_index(strs, i);
 		if (!name) {
@@ -1393,7 +1414,7 @@ static int write_type_alias_rules_to_conf(FILE *out, struct policydb *pdb)
 			goto exit;
 		}
 		type = pdb->p_type_val_to_name[alias->s.value - 1];
-		sepol_printf(out, "typealias %s %s;\n", type, name);
+		sepol_printf(out, "typealias %s alias %s;\n", type, name);
 	}
 
 exit: