From patchwork Thu Jun 24 19:59:16 2021
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 12343153
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 1/4] libsepol/cil: Provide option to allow qualified names in declarations
Date: Thu, 24 Jun 2021 15:59:16 -0400
Message-Id: <20210624195919.148828-1-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
X-Mailing-List: selinux@vger.kernel.org

Qualified names have "dots" in them. They are generated when a CIL policy is compiled and come from declarations in blocks. If a kernel policy is decompiled into a CIL policy, the resulting policy could have declarations that use qualified names. Compiling this policy would result in an error because "dots" in declarations are not allowed.

Qualified names in a policy are normally used to refer to the name of identifiers, blocks, macros, or optionals that are declared in a different block (that is not a parent). Name resolution is based on splitting a name based on the "dots", searching the parents up to the global namespace for the first block using the first part of the name, using the second part of the name to look up the next block using the first block's symbol tables, looking up the third block in the second's symbol tables, and so on.

To allow the option of using qualified names in declarations:

1) Create a field in the struct cil_db called "qualified_names" which is set to CIL_TRUE when qualified names are to be used. This field is checked in cil_verify_name() and "dots" are allowed if qualified names are being allowed.

2) Only allow the direct lookup of the whole name in the global symbol table. This means that blocks, blockinherits, blockabstracts, and in-statements cannot be allowed. Use the "qualified_names" field of the cil_db to know when using one of these should result in an error.

3) Create the function cil_set_qualified_names() that is used to set the "qualified_names" field. Export the function in libsepol.
Signed-off-by: James Carter --- libsepol/cil/include/cil/cil.h | 1 + libsepol/cil/src/cil.c | 6 ++++++ libsepol/cil/src/cil_build_ast.c | 24 ++++++++++++++++++++++-- libsepol/cil/src/cil_internal.h | 1 + libsepol/cil/src/cil_resolve_ast.c | 4 ++-- libsepol/cil/src/cil_verify.c | 19 ++++++++++++++----- libsepol/cil/src/cil_verify.h | 2 +- libsepol/src/libsepol.map.in | 1 + 8 files changed, 48 insertions(+), 10 deletions(-) diff --git a/libsepol/cil/include/cil/cil.h b/libsepol/cil/include/cil/cil.h index 92fac6e1..482ca522 100644 --- a/libsepol/cil/include/cil/cil.h +++ b/libsepol/cil/include/cil/cil.h @@ -51,6 +51,7 @@ extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size); extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size); extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit); extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls); +extern void cil_set_qualified_names(struct cil_db *db, int qualified_names); extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow); extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables); extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown); diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 9d5038d9..3f2e6927 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -440,6 +440,7 @@ void cil_db_init(struct cil_db **db) (*db)->handle_unknown = -1; (*db)->mls = -1; (*db)->multiple_decls = CIL_FALSE; + (*db)->qualified_names = CIL_FALSE; (*db)->target_platform = SEPOL_TARGET_SELINUX; (*db)->policy_version = POLICYDB_VERSION_MAX; } 
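Review bot: in the cil.h hunk the new prototype is declared as `cil_set_qualified_names(struct cil_db *db, int qualified_names)` while every neighbouring setter in that block (`cil_set_multiple_decls`, `cil_set_disable_neverallow`, `cil_set_preserve_tunables`) takes `cil_db_t *db`; use the `cil_db_t` typedef in the public header so the exported API stays uniform. The `cil_db_init()` hunk looks right: the new field defaults to CIL_FALSE next to `multiple_decls`.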
@@ -1872,6 +1873,11 @@ void cil_set_multiple_decls(struct cil_db *db, int multiple_decls) db->multiple_decls = multiple_decls; } +void cil_set_qualified_names(struct cil_db *db, int qualified_names) +{ + db->qualified_names = qualified_names; +} + void cil_set_target_platform(struct cil_db *db, int target_platform) { db->target_platform = target_platform; diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index baed3e58..9da90883 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -146,7 +146,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s int rc = SEPOL_ERR; symtab_t *symtab = NULL; - rc = cil_verify_name((const char*)key, nflavor); + rc = cil_verify_name(db, (const char*)key, nflavor); if (rc != SEPOL_OK) { goto exit; } @@ -204,6 +204,11 @@ int cil_gen_block(struct cil_db *db, struct cil_tree_node *parse_current, struct goto exit; } + if (db->qualified_names) { + cil_log(CIL_ERR, "Blocks are not allowed when the option for qualified names is used\n"); + goto exit; + } + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); if (rc != SEPOL_OK) { goto exit; @@ -274,6 +279,11 @@ int cil_gen_blockinherit(struct cil_db *db, struct cil_tree_node *parse_current, goto exit; } + if (db->qualified_names) { + cil_log(CIL_ERR, "Block inherit rules are not allowed when the option for qualified names is used\n"); + goto exit; + } + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); if (rc != SEPOL_OK) { goto exit; @@ -331,6 +341,11 @@ int cil_gen_blockabstract(struct cil_db *db, struct cil_tree_node *parse_current goto exit; } + if (db->qualified_names) { + cil_log(CIL_ERR, "Block abstract rules are not allowed when the option for qualified names is used\n"); + goto exit; + } + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); if (rc != SEPOL_OK) { goto exit; 
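Review bot: the three new checks in cil_gen_block(), cil_gen_blockinherit() and cil_gen_blockabstract() are the same four lines with slightly different wording ("Blocks", "Block inherit rules", "Block abstract rules"); a small helper taking the CIL keyword, producing e.g. `blockinherit is not allowed when qualified names are used`, would keep the messages uniform and name the exact keyword the user has to find in the policy. Each check is also placed before `__cil_verify_syntax`, so a malformed block statement under this option reports the qualified-names error rather than the syntax error; if that ordering is deliberate, a sentence in the commit message would help.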
@@ -376,6 +391,11 @@ int cil_gen_in(struct cil_db *db, struct cil_tree_node *parse_current, struct ci goto exit; } + if (db->qualified_names) { + cil_log(CIL_ERR, "In-statements are not allowed when the option for qualified names is used\n"); + goto exit; + } + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); if (rc != SEPOL_OK) { goto exit; @@ -5261,7 +5281,7 @@ int cil_gen_macro(struct cil_db *db, struct cil_tree_node *parse_current, struct param->str = current_item->cl_head->next->data; - rc = cil_verify_name(param->str, param->flavor); + rc = cil_verify_name(db, param->str, param->flavor); if (rc != SEPOL_OK) { cil_destroy_param(param); goto exit; diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index 8b9aeabf..f184d739 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -321,6 +321,7 @@ struct cil_db { int handle_unknown; int mls; int multiple_decls; + int qualified_names; int target_platform; int policy_version; }; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 5245cc15..27efffa6 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -4409,8 +4409,8 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en *datum = NULL; - if (strchr(name,'.') == NULL) { - /* No '.' in name */ + if (db->qualified_names || strchr(name,'.') == NULL) { + /* Using qualified names or No '.' in name */ rc = __cil_resolve_name_helper(db, ast_node->parent, name, sym_index, datum); if (rc != SEPOL_OK) { goto exit; diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 59397f70..9cb1a6f6 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c 
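Review bot: in the cil_gen_macro() hunk, passing `db` to `cil_verify_name(db, param->str, param->flavor)` means macro parameter names may now contain dots whenever qualified_names is set. Parameters are local to the macro and are not generated from block names, so a decompiled policy should never need a dotted parameter; either keep the strict character set for parameters or state in the commit message that dotted parameter names are intended.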
@@ -92,7 +92,7 @@ static int __cil_is_reserved_name(const char *name, enum cil_flavor flavor) return CIL_FALSE; } -int cil_verify_name(const char *name, enum cil_flavor flavor) +int cil_verify_name(struct cil_db *db, const char *name, enum cil_flavor flavor) { int rc = SEPOL_ERR; int len; @@ -116,10 +116,19 @@ int cil_verify_name(const char *name, enum cil_flavor flavor) goto exit; } - for (i = 1; i < len; i++) { - if (!isalnum(name[i]) && name[i] != '_' && name[i] != '-') { - cil_log(CIL_ERR, "Invalid character \"%c\" in %s\n", name[i], name); - goto exit; + if (db->qualified_names == CIL_FALSE) { + for (i = 1; i < len; i++) { + if (!isalnum(name[i]) && name[i] != '_' && name[i] != '-') { + cil_log(CIL_ERR, "Invalid character \"%c\" in %s\n", name[i], name); + goto exit; + } + } + } else { + for (i = 1; i < len; i++) { + if (!isalnum(name[i]) && name[i] != '_' && name[i] != '-' && name[i] != '.') { + cil_log(CIL_ERR, "Invalid character \"%c\" in %s\n", name[i], name); + goto exit; + } } } diff --git a/libsepol/cil/src/cil_verify.h b/libsepol/cil/src/cil_verify.h index 4ea14f5b..8eb3c463 100644 --- a/libsepol/cil/src/cil_verify.h +++ b/libsepol/cil/src/cil_verify.h @@ -56,7 +56,7 @@ struct cil_args_verify { int *pass; }; -int cil_verify_name(const char *name, enum cil_flavor flavor); +int cil_verify_name(struct cil_db *db, const char *name, enum cil_flavor flavor); int __cil_verify_syntax(struct cil_tree_node *parse_current, enum cil_syntax s[], int len); int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, enum cil_flavor expr_flavor); int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_flavor r_flavor, enum cil_flavor op, enum cil_flavor expr_flavor); diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index 2e503bd1..0e05d606 100644 --- a/libsepol/src/libsepol.map.in +++ b/libsepol/src/libsepol.map.in 
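Review bot: the two loops in the second cil_verify_name() hunk differ only in the extra `name[i] != '.'` clause, so the error path is duplicated; a single loop with `if (name[i] == '.' && db->qualified_names) continue;` ahead of the existing test is shorter and keeps one message. Note also that the relaxed loop accepts trailing and consecutive dots (`a.`, `a..b`); compiling blocks never produces an empty component, so rejecting one here would catch a corrupted decompiled name early instead of leaving it to fail at resolve time.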
@@ -272,4 +272,5 @@ LIBSEPOL_3.0 { cil_write_parse_ast; cil_write_build_ast; cil_write_resolve_ast; + cil_set_qualified_names; } LIBSEPOL_1.1; From patchwork Thu Jun 24 19:59:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12343151 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 29E22C49EA6 for ; Thu, 24 Jun 2021 19:59:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 169BD60E0C for ; Thu, 24 Jun 2021 19:59:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232554AbhFXUBo (ORCPT ); Thu, 24 Jun 2021 16:01:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35458 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232778AbhFXUBn (ORCPT ); Thu, 24 Jun 2021 16:01:43 -0400 Received: from mail-qk1-x72a.google.com (mail-qk1-x72a.google.com [IPv6:2607:f8b0:4864:20::72a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 93EE6C061756 for ; Thu, 24 Jun 2021 12:59:22 -0700 (PDT) Received: by mail-qk1-x72a.google.com with SMTP id q190so16680421qkd.2 for ; Thu, 24 Jun 2021 12:59:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; 
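Review bot: the libsepol.map.in hunk adds `cil_set_qualified_names` to the `LIBSEPOL_3.0` version node, which has already shipped; if the project's convention is one node per release, the new export belongs in a node for the next release rather than in 3.0. If the 3.0 node is deliberately still being grown, as the neighbouring `cil_write_*_ast` entries suggest, this can be ignored.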
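The resolution algorithm described in the first commit message, and what the `qualified_names` switch changes about it, as an added example in C that is not part of the patch series or of libsepol. It models two constructed policies (nested blocks `a` and `a.b`, and the same names flat in the global namespace as a decompiled policy would have them); the `struct block` layout, the helper names `verify_name`, `resolve` and `resolves`, and the first-character rule in `verify_name` are assumptions of this model, not libsepol's code.

```c
/* Added example, not from the patch series or libsepol: a small model of the
 * CIL name resolution described in the commit message, with and without the
 * qualified_names switch. Structures, helper names and the first-character
 * rule in verify_name() are assumptions of this model. */
#include <ctype.h>
#include <string.h>

struct block {
    const char *name;
    struct block *parent;
    struct block *kids[8]; int nkids;   /* nested blocks */
    const char *syms[8];   int nsyms;   /* names declared directly here */
};

/* Declaration check mirroring the patched cil_verify_name(): a '.' is only
 * accepted when qualified_names is set. */
int verify_name(int qualified_names, const char *name)
{
    size_t len = strlen(name);
    if (len == 0 || !(isalpha((unsigned char)name[0]) || name[0] == '_'))
        return 0;
    for (size_t i = 1; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-' && !(c == '.' && qualified_names))
            return 0;
    }
    return 1;
}

static const char *lookup_sym(const struct block *b, const char *name)
{
    for (int i = 0; i < b->nsyms; i++)
        if (strcmp(b->syms[i], name) == 0)
            return b->syms[i];
    return NULL;
}

static const struct block *lookup_kid(const struct block *b, const char *name)
{
    for (int i = 0; i < b->nkids; i++)
        if (strcmp(b->kids[i]->name, name) == 0)
            return b->kids[i];
    return NULL;
}

/* With qualified_names, or without a dot, the whole name is looked up in the
 * scope and then in each parent up to the global block. Otherwise split on
 * dots, find the first part as a block walking up the parents, descend block
 * by block, and look up the last part in the block reached. */
const char *resolve(int qualified_names, const struct block *scope, const char *name)
{
    char buf[128], *parts[16];
    int n = 1;
    if (qualified_names || strchr(name, '.') == NULL) {
        for (; scope; scope = scope->parent)
            if (lookup_sym(scope, name))
                return lookup_sym(scope, name);
        return NULL;
    }
    if (strlen(name) >= sizeof buf) return NULL;
    strcpy(buf, name);
    parts[0] = buf;
    for (char *p = buf; *p && n < 16; p++)
        if (*p == '.') { *p = '\0'; parts[n++] = p + 1; }
    const struct block *cur = NULL;
    for (const struct block *s = scope; s && !cur; s = s->parent)
        cur = lookup_kid(s, parts[0]);            /* first part: a block */
    for (int i = 1; cur && i < n - 1; i++)
        cur = lookup_kid(cur, parts[i]);          /* middle parts: blocks */
    return cur ? lookup_sym(cur, parts[n - 1]) : NULL;  /* last: symbol */
}

/* Constructed sample policy: block a (type x_t) containing block b (type y_t)
 * in normal mode; with qualified_names the same names live flat in the global
 * block, as they would in a CIL policy decompiled from a kernel binary. */
static struct block blocks[3];  /* 0 = global, 1 = a, 2 = a.b */

static void declare(int parent, int child, const char *bname, const char *sym)
{
    blocks[child].name = bname;
    blocks[child].parent = &blocks[parent];
    blocks[parent].kids[blocks[parent].nkids++] = &blocks[child];
    blocks[child].syms[blocks[child].nsyms++] = sym;
}

/* 1 if `name`, referenced from block `scope` (index as above), resolves. */
int resolves(int qualified_names, int scope, const char *name)
{
    memset(blocks, 0, sizeof blocks);
    blocks[0].name = "global";
    if (qualified_names) {
        blocks[0].syms[blocks[0].nsyms++] = "a.x_t";
        blocks[0].syms[blocks[0].nsyms++] = "a.b.y_t";
        scope = 0;  /* no blocks exist in this mode */
    } else {
        declare(0, 1, "a", "x_t");
        declare(1, 2, "b", "y_t");
    }
    return resolve(qualified_names, &blocks[scope], name) != NULL;
}
```

Under normal resolution `b.y_t` referenced from inside block `b` still resolves, because the first part is searched in the parents (block `a` holds `b`); under the qualified option the flat name `a.b.y_t` is matched as one string and no block walk happens.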
From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH 2/4] secilc: Add support for using qualified names to secilc Date: Thu, 24 Jun 2021 15:59:17 -0400 Message-Id: <20210624195919.148828-2-jwcart2@gmail.com> X-Mailer: git-send-email 2.26.3 In-Reply-To: <20210624195919.148828-1-jwcart2@gmail.com> References: <20210624195919.148828-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Provide the option "-Q" or "--qualified-names" to indicate that the policy is using qualified names. Using qualified names means that declaration names can have "dots" in them, but blocks, blockinherits, blockabstracts, and in-statements are not allowed in the policy. The libsepol function cil_set_qualified_names() is called with the desired value for the CIL db's "qualified_names" field. Signed-off-by: James Carter --- secilc/secilc.8.xml | 5 +++++ secilc/secilc.c | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/secilc/secilc.8.xml b/secilc/secilc.8.xml index 2b734f09..74b78f2b 100644 --- a/secilc/secilc.8.xml +++ b/secilc/secilc.8.xml @@ -75,6 +75,11 @@ Treat tunables as booleans. + + + Use qualified names. Do not allow blocks, blockinherits, blockabstracts, or in-statements. + + Allow some statements to be re-declared. diff --git a/secilc/secilc.c b/secilc/secilc.c index 9c78e425..91b619b9 100644 --- a/secilc/secilc.c +++ b/secilc/secilc.c 
@@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog) printf(" statement if present in the policy\n"); printf(" -D, --disable-dontaudit do not add dontaudit rules to the binary policy\n"); printf(" -P, --preserve-tunables treat tunables as booleans\n"); + printf(" -Q, --qualified-names Use qualified names and do not allow blocks\n"); printf(" -m, --multiple-decls allow some statements to be re-declared\n"); printf(" -N, --disable-neverallow do not check neverallow rules\n"); printf(" -G, --expand-generated Expand and remove auto-generated attributes\n"); @@ -94,6 +95,7 @@ int main(int argc, char *argv[]) int multiple_decls = 0; int disable_neverallow = 0; int preserve_tunables = 0; + int qualified_names = 0; int handle_unknown = -1; int policyvers = POLICYDB_VERSION_MAX; int attrs_expand_generated = 0; @@ -115,6 +117,7 @@ int main(int argc, char *argv[]) {"multiple-decls", no_argument, 0, 'm'}, {"disable-neverallow", no_argument, 0, 'N'}, {"preserve-tunables", no_argument, 0, 'P'}, + {"qualified-names", no_argument, 0, 'Q'}, {"output", required_argument, 0, 'o'}, {"filecontexts", required_argument, 0, 'f'}, {"expand-generated", no_argument, 0, 'G'}, @@ -125,7 +128,7 @@ int main(int argc, char *argv[]) int i; while (1) { - opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNOc:GX:n", long_opts, &opt_index); + opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PQDmNOc:GX:n", long_opts, &opt_index); if (opt_char == -1) { break; } @@ -190,6 +193,9 @@ int main(int argc, char *argv[]) case 'P': preserve_tunables = 1; break; + case 'Q': + qualified_names = 1; + break; case 'o': output = strdup(optarg); break; 
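Review bot: the new usage line in secilc.c, `-Q, --qualified-names Use qualified names and do not allow blocks`, understates what the option forbids compared with the man page in the same patch (blocks, blockinherits, blockabstracts and in-statements), and it capitalises "Use" while the adjacent `-P`, `-m` and `-N` lines start lowercase; suggest `-Q, --qualified-names use qualified names; disallow blocks, blockinherits, blockabstracts and in-statements` so the two descriptions agree. The getopt string and `case 'Q'` hunks are consistent with the `-P` handling.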
@@ -238,6 +244,7 @@ int main(int argc, char *argv[]) cil_set_multiple_decls(db, multiple_decls); cil_set_disable_neverallow(db, disable_neverallow); cil_set_preserve_tunables(db, preserve_tunables); + cil_set_qualified_names(db, qualified_names); if (handle_unknown != -1) { rc = cil_set_handle_unknown(db, handle_unknown); if (rc != SEPOL_OK) { From patchwork Thu Jun 24 19:59:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12343157 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65AD8C49EA7 for ; Thu, 24 Jun 2021 19:59:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 492DE61185 for ; Thu, 24 Jun 2021 19:59:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232848AbhFXUBo (ORCPT ); Thu, 24 Jun 2021 16:01:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232825AbhFXUBn (ORCPT ); Thu, 24 Jun 2021 16:01:43 -0400 Received: from mail-qv1-xf36.google.com (mail-qv1-xf36.google.com [IPv6:2607:f8b0:4864:20::f36]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F5C8C06175F for ; Thu, 24 Jun 2021 12:59:23 -0700 (PDT) Received: by mail-qv1-xf36.google.com with SMTP id u2so3953501qvp.13 for ; Thu, 24 Jun 2021 12:59:23 -0700 (PDT) DKIM-Signature: v=1; 
From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH 3/4] libsepol/cil: Add support for using qualified names to secil2tree Date: Thu, 24 Jun 2021 15:59:18 -0400 Message-Id: <20210624195919.148828-3-jwcart2@gmail.com> X-Mailer: git-send-email 2.26.3 In-Reply-To: <20210624195919.148828-1-jwcart2@gmail.com> References: <20210624195919.148828-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Provide the option "-Q" or "--qualified-names" to indicate that the policy is using qualified names. Using qualified names means that declaration names can have "dots" in them, but blocks, blockinherits, blockabstracts, and in-statements are not allowed in the policy. The libsepol function cil_set_qualified_names() is called with the desired value for the CIL db's "qualified_names" field. Signed-off-by: James Carter --- secilc/secil2tree.8.xml | 5 +++++ secilc/secil2tree.c | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/secilc/secil2tree.8.xml b/secilc/secil2tree.8.xml index 81382ffe..6a969ac9 100644 --- a/secilc/secil2tree.8.xml +++ b/secilc/secil2tree.8.xml @@ -45,6 +45,11 @@ Treat tunables as booleans. + + + Use qualified names. Blocks, blockinherits, blockabstracts, and in-statements will not be allowed. + + Write AST of phase phase. Must be parse, build, or resolve. (default: resolve) diff --git a/secilc/secil2tree.c b/secilc/secil2tree.c index 218d0583..548a5c63 100644 --- a/secilc/secil2tree.c +++ b/secilc/secil2tree.c 
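Review bot: the secil2tree.8.xml hunk describes the option as "Blocks, blockinherits, blockabstracts, and in-statements will not be allowed." while the secilc.8.xml hunk in patch 2 says "Do not allow blocks, blockinherits, blockabstracts, or in-statements."; the three tools document the same libsepol switch, so one phrasing should be used in all three man pages.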
@@ -54,6 +54,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog) printf("Options:\n"); printf(" -o, --output= write AST to . (default: stdout)\n"); printf(" -P, --preserve-tunables treat tunables as booleans\n"); + printf(" -Q, --qualified-names Use qualified names and do not allow blocks\n"); printf(" -A, --ast-phase= write AST of phase . Phase must be parse, \n"); printf(" build, or resolve. (default: resolve)\n"); printf(" -v, --verbose increment verbosity level\n"); @@ -71,6 +72,7 @@ int main(int argc, char *argv[]) char *output = NULL; struct cil_db *db = NULL; int preserve_tunables = 0; + int qualified_names = 0; enum write_ast_phase write_ast = WRITE_AST_PHASE_RESOLVE; int opt_char; int opt_index = 0; @@ -79,6 +81,7 @@ int main(int argc, char *argv[]) {"help", no_argument, 0, 'h'}, {"verbose", no_argument, 0, 'v'}, {"preserve-tunables", no_argument, 0, 'P'}, + {"qualified-names", no_argument, 0, 'Q'}, {"output", required_argument, 0, 'o'}, {"ast-phase", required_argument, 0, 'A'}, {0, 0, 0, 0} @@ -86,7 +89,7 @@ int main(int argc, char *argv[]) int i; while (1) { - opt_char = getopt_long(argc, argv, "o:hvPA:", long_opts, &opt_index); + opt_char = getopt_long(argc, argv, "o:hvPQA:", long_opts, &opt_index); if (opt_char == -1) { break; } @@ -97,6 +100,9 @@ int main(int argc, char *argv[]) case 'P': preserve_tunables = 1; break; + case 'Q': + qualified_names = 1; + break; case 'o': output = strdup(optarg); break; 
@@ -131,6 +137,7 @@ int main(int argc, char *argv[]) cil_db_init(&db); cil_set_preserve_tunables(db, preserve_tunables); + cil_set_qualified_names(db, qualified_names); cil_set_attrs_expand_generated(db, 0); cil_set_attrs_expand_size(db, 0); From patchwork Thu Jun 24 19:59:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12343155 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B4FFC49EAB for ; Thu, 24 Jun 2021 19:59:26 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0E36161185 for ; Thu, 24 Jun 2021 19:59:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232825AbhFXUBo (ORCPT ); Thu, 24 Jun 2021 16:01:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35468 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232778AbhFXUBo (ORCPT ); Thu, 24 Jun 2021 16:01:44 -0400 Received: from mail-qk1-x72c.google.com (mail-qk1-x72c.google.com [IPv6:2607:f8b0:4864:20::72c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B9657C061760 for ; Thu, 24 Jun 2021 12:59:23 -0700 (PDT) Received: by mail-qk1-x72c.google.com with SMTP id g4so16774562qkl.1 for ; Thu, 24 Jun 2021 12:59:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH 4/4] libsepol/cil: Add support for using qualified names to secil2conf Date: Thu, 24 Jun 2021 15:59:19 -0400 Message-Id: <20210624195919.148828-4-jwcart2@gmail.com> X-Mailer: git-send-email 2.26.3 In-Reply-To: <20210624195919.148828-1-jwcart2@gmail.com> References: <20210624195919.148828-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Provide the option "-Q" or "--qualified-names" to indicate that the policy is using qualified names. Using qualified names means that declaration names can have "dots" in them, but blocks, blockinherits, blockabstracts, and in-statements are not allowed in the policy. The libsepol function cil_set_qualified_names() is called with the desired value for the CIL db's "qualified_names" field. Signed-off-by: James Carter --- secilc/secil2conf.8.xml | 5 +++++ secilc/secil2conf.c | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/secilc/secil2conf.8.xml b/secilc/secil2conf.8.xml index 59d87a54..856c1239 100644 --- a/secilc/secil2conf.8.xml +++ b/secilc/secil2conf.8.xml @@ -50,6 +50,11 @@ Treat tunables as booleans. + + + Use qualified names. Blocks, blockinherits, blockabstracts, and in-statements will not be allowed. + + Increment verbosity level. diff --git a/secilc/secil2conf.c b/secilc/secil2conf.c index 4e97dd66..7a317ada 100644 --- a/secilc/secil2conf.c +++ b/secilc/secil2conf.c @@ -52,6 +52,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog) printf(" This will override the (mls boolean) statement\n"); printf(" if present in the policy\n"); printf(" -P, --preserve-tunables treat tunables as booleans\n"); + printf(" -Q, --qualified-names Use qualified names and do not allow blocks\n"); printf(" -v, --verbose increment verbosity level\n"); printf(" -h, --help display usage information\n"); exit(1); 
@@ -68,6 +69,7 @@ int main(int argc, char *argv[]) struct cil_db *db = NULL; int mls = -1; int preserve_tunables = 0; + int qualified_names = 0; int opt_char; int opt_index = 0; enum cil_log_level log_level = CIL_ERR; @@ -76,13 +78,14 @@ int main(int argc, char *argv[]) {"verbose", no_argument, 0, 'v'}, {"mls", required_argument, 0, 'M'}, {"preserve-tunables", no_argument, 0, 'P'}, + {"qualified-names", no_argument, 0, 'Q'}, {"output", required_argument, 0, 'o'}, {0, 0, 0, 0} }; int i; while (1) { - opt_char = getopt_long(argc, argv, "o:hvM:P", long_opts, &opt_index); + opt_char = getopt_long(argc, argv, "o:hvM:PQ", long_opts, &opt_index); if (opt_char == -1) { break; } @@ -102,6 +105,9 @@ int main(int argc, char *argv[]) case 'P': preserve_tunables = 1; break; + case 'Q': + qualified_names = 1; + break; case 'o': output = strdup(optarg); break; @@ -123,6 +129,7 @@ int main(int argc, char *argv[]) cil_db_init(&db); cil_set_preserve_tunables(db, preserve_tunables); + cil_set_qualified_names(db, qualified_names); cil_set_mls(db, mls); cil_set_attrs_expand_generated(db, 0); cil_set_attrs_expand_size(db, 0);