From patchwork Wed Aug 9 20:40:40 2023
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 13348495
X-Patchwork-Delegate: plautrba@redhat.com
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter
Subject: [PATCH 1/7 v2] libsepol: Changes to ebitmap.h to fix compiler warnings
Date: Wed, 9 Aug 2023 16:40:40 -0400
Message-ID: <20230809204046.110783-2-jwcart2@gmail.com>
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>
X-Mailing-List: selinux@vger.kernel.org

When compiling with the "-Wnull-dereference" flag, the compiler is not smart enough to realize that anytime the ebitmap_t node field is NULL, the highbit field will equal 0. This causes false positive warnings to be generated.

Change the ebitmap_is_empty() and ebitmap_length() macros to check for the node being NULL instead of just relying on the value of highbit to eliminate these false warnings.

Signed-off-by: James Carter
---
 libsepol/include/sepol/policydb/ebitmap.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/include/sepol/policydb/ebitmap.h b/libsepol/include/sepol/policydb/ebitmap.h
index c434c4ba..7e19c301 100644
--- a/libsepol/include/sepol/policydb/ebitmap.h
+++ b/libsepol/include/sepol/policydb/ebitmap.h
@@ -39,8 +39,8 @@ typedef struct ebitmap { uint32_t highbit; /* highest position in the total bitmap */ } ebitmap_t; -#define ebitmap_is_empty(e) (((e)->highbit) == 0) -#define ebitmap_length(e) ((e)->highbit) +#define ebitmap_is_empty(e) (((e)->node) == NULL) +#define ebitmap_length(e) ((e)->node ? (e)->highbit : 0) #define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0) #define ebitmap_startnode(e) ((e)->node)
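Review bot: the rewritten ebitmap_length() now evaluates its argument twice (`(e)->node ? (e)->highbit : 0`), which matches the pattern ebitmap_startbit() already uses in the context lines, so it is consistent, but the header would benefit from a one-line comment stating the invariant the change relies on, "node == NULL implies highbit == 0" as the commit message puts it, because ebitmap_length() will now silently report 0 for a map with no nodes even if highbit were ever left non-zero by some other path. Callers passing an expression with side effects as `e` would also see it evaluated twice, so a note that the macro argument must be a plain pointer expression is worth adding.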
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter
Subject: [PATCH 2/7 v2] libsepol/cil: Do not call ebitmap_init twice for an ebitmap
Date: Wed, 9 Aug 2023 16:40:41 -0400
Message-ID: <20230809204046.110783-3-jwcart2@gmail.com>
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>

While it does no harm to call ebitmap_init() twice for an ebitmap, since it is just memsetting the ebitmap to 0, it is poor practice.

In the function cil_type_matches() in cil_find.c, either ebitmap_and() or ebitmap_set_bit() will be called. The function ebitmap_and() will call ebitmap_init() on the destination ebitmap, but ebitmap_set_bit() does not. Instead of calling ebitmap_init() before the call to cil_type_matches(), let cil_type_matches() make the call if it is going to call ebitmap_set_bit(). It can also call ebitmap_destroy() on an error.

Since we are removing the call to ebitmap_init() in cil_self_match_any(), clean up some other things in the function (like using the FLAVOR() macro and using ebitmap_is_empty()).

Signed-off-by: James Carter
---
 libsepol/cil/src/cil_find.c | 60 +++++++++++++++++++------------------
 1 file changed, 31 insertions(+), 29 deletions(-)

diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
index 8b755277..0246d133 100644
--- a/libsepol/cil/src/cil_find.c
+++ b/libsepol/cil/src/cil_find.c
@@ -85,29 +85,34 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str enum cil_flavor f1 = FLAVOR(d1); enum cil_flavor f2 = FLAVOR(d2); - if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { - struct cil_type *t1 = (struct cil_type *)d1; - struct cil_type *t2 = (struct cil_type *)d2; - if (t1->value == t2->value) { - ebitmap_set_bit(matches, t1->value, 1); - } - } else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { - struct cil_typeattribute *a = (struct cil_typeattribute *)d1; - struct cil_type *t = (struct cil_type *)d2; - if (ebitmap_get_bit(a->types, t->value)) { - ebitmap_set_bit(matches, t->value, 1); - } - } else if (f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) { - struct cil_type *t = (struct cil_type *)d1; - struct cil_typeattribute *a = (struct cil_typeattribute *)d2; - if (ebitmap_get_bit(a->types, t->value)) { - ebitmap_set_bit(matches, t->value, 1); - } - } else { - /* Both are attributes */ + if (f1 == CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) { struct cil_typeattribute *a1 = (struct cil_typeattribute *)d1; struct cil_typeattribute *a2 = (struct cil_typeattribute *)d2; rc = ebitmap_and(matches, a1->types, a2->types); + } else { + ebitmap_init(matches); + if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { + struct cil_type *t1 = (struct cil_type *)d1; + struct cil_type *t2 = (struct cil_type *)d2; + if (t1->value == t2->value) { + rc = ebitmap_set_bit(matches, t1->value, 1); + } + } else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { + struct cil_typeattribute *a = (struct cil_typeattribute *)d1; + struct cil_type *t = (struct cil_type *)d2; + if (ebitmap_get_bit(a->types, t->value)) { + rc = ebitmap_set_bit(matches, t->value, 1); + } + } else { // f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE + struct cil_type *t = (struct cil_type *)d1; + struct cil_typeattribute *a = (struct cil_typeattribute *)d2; + if (ebitmap_get_bit(a->types, t->value)) { + rc = 
ebitmap_set_bit(matches, t->value, 1); + } + } + if (rc != SEPOL_OK) { + ebitmap_destroy(matches); + } } return rc; 
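Review bot: the error cleanup `if (rc != SEPOL_OK) { ebitmap_destroy(matches); }` at the end of the new else branch relies on `rc` having been initialised to SEPOL_OK before this hunk, because on the paths where no bit is set (t1->value != t2->value, or ebitmap_get_bit() returning 0) `rc` is never assigned; that initialisation is outside the visible context, so please confirm it. Two smaller points: the branch comment `// f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE` is a C++-style comment while the rest of this function uses `/* */` (see the removed `/* Both are attributes */`), and the attribute/attribute branch that calls ebitmap_and() gets no matching destroy on failure, so if ebitmap_and() does not clean up its destination on error the two branches now have different ownership rules on failure; a comment stating which behaviour callers such as cil_self_match_any() may rely on would settle that.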
@@ -115,31 +120,28 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str /* s1 is the src type that is matched with a self * s2, and t2 are the source and type of the other rule + * Assumes there is a match between s1 and s2 */ static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2) { int rc; - struct cil_tree_node *n1 = NODE(s1); - if (n1->flavor != CIL_TYPEATTRIBUTE) { + + if (FLAVOR(s1) != CIL_TYPEATTRIBUTE) { rc = cil_type_match_any(s1, t2); } else { struct cil_typeattribute *a = (struct cil_typeattribute *)s1; ebitmap_t map; - ebitmap_init(&map); rc = cil_type_matches(&map, s2, t2); if (rc < 0) { - ebitmap_destroy(&map); - goto exit; + return rc; } - if (map.node == NULL) { - rc = CIL_FALSE; - goto exit; + if (ebitmap_is_empty(&map)) { + return CIL_FALSE; } rc = ebitmap_match_any(&map, a->types); ebitmap_destroy(&map); } -exit: return rc; }
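Review bot: the early `return rc;` after cil_type_matches() fails is only leak-free because the previous hunk makes cil_type_matches() destroy `matches` on error, and `return CIL_FALSE;` on an empty map is only leak-free because an empty ebitmap owns no nodes; both depend on ebitmap_is_empty() from patch 1 of this series testing `node == NULL`, so the ordering of the series is load-bearing and deserves a sentence in the commit message. The new header comment `Assumes there is a match between s1 and s2` documents a precondition the function does not check; either an assert-style check or a note that cil_find_matching_avrule() performs the s1/s2 match before calling here would make the contract explicit.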
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter
Subject: [PATCH 3/7 v2] libsepol/cil: Add notself and other support to CIL
Date: Wed, 9 Aug 2023 16:40:42 -0400
Message-ID: <20230809204046.110783-4-jwcart2@gmail.com>
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>

Like "self", both of these reserved words can be used as a target in an access vector rule.

"notself" means all types other than the source type.

"other" is meant to be used with an attribute and its use results in the rule being expanded with each type of the attribute being used as the source type with each of the other types being used as the target type. Using "other" with just a type will result in no rule.

Example 1
  (allow TYPE1 notself (CLASS (PERM)))
This rule is expanded to a number of rules with TYPE1 as the source and every type except for TYPE1 as the target.

Example 2
  (allow ATTR1 notself (CLASS (PERM)))
Like Example 1, this rule will be expanded to each type in ATTR1 being the source with every type except for the type used as the source being the target.

Example 3
  (allow TYPE1 other (CLASS (PERM)))
This expands to no rule.

Example 4
  (allow ATTR1 other (CLASS (PERM)))
Like Example 2, but the target types will be limited to the types in the attribute ATTR1 instead of all types. So if ATTR1 has the types t1, t2, and t3, then this rule expands to the following rules.
  (allow t1 t2 (CLASS (PERM)))
  (allow t1 t3 (CLASS (PERM)))
  (allow t2 t1 (CLASS (PERM)))
  (allow t2 t3 (CLASS (PERM)))
  (allow t3 t1 (CLASS (PERM)))
  (allow t3 t2 (CLASS (PERM)))
Signed-off-by: James Carter
---
 libsepol/cil/src/cil.c             |  12 ++
 libsepol/cil/src/cil_binary.c      |  91 +++++++++++++-
 libsepol/cil/src/cil_build_ast.c   |  10 +-
 libsepol/cil/src/cil_find.c        | 188 ++++++++++++++++++++++++++---
 libsepol/cil/src/cil_internal.h    |   4 +
 libsepol/cil/src/cil_resolve_ast.c |   4 +
 libsepol/cil/src/cil_verify.c      |   3 +-
 7 files changed, 289 insertions(+), 23 deletions(-)

diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
index 38edcf8e..ed97ff44 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -84,6 +84,8 @@ char *CIL_KEY_CONS_INCOMP; char *CIL_KEY_CONDTRUE; char *CIL_KEY_CONDFALSE; char *CIL_KEY_SELF; +char *CIL_KEY_NOTSELF; +char *CIL_KEY_OTHER; char *CIL_KEY_OBJECT_R; char *CIL_KEY_STAR; char *CIL_KEY_TCP; @@ -253,6 +255,8 @@ static void cil_init_keys(void) CIL_KEY_CONDTRUE = cil_strpool_add("true"); CIL_KEY_CONDFALSE = cil_strpool_add("false"); CIL_KEY_SELF = cil_strpool_add("self"); + CIL_KEY_NOTSELF = cil_strpool_add("notself"); + CIL_KEY_OTHER = cil_strpool_add("other"); CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); CIL_KEY_STAR = cil_strpool_add("*"); CIL_KEY_UDP = cil_strpool_add("udp"); @@ -430,6 +434,12 @@ void cil_db_init(struct cil_db **db) cil_type_init(&(*db)->selftype); (*db)->selftype->datum.name = CIL_KEY_SELF; (*db)->selftype->datum.fqn = CIL_KEY_SELF; + cil_type_init(&(*db)->notselftype); + (*db)->notselftype->datum.name = CIL_KEY_NOTSELF; + (*db)->notselftype->datum.fqn = CIL_KEY_NOTSELF; + cil_type_init(&(*db)->othertype); + (*db)->othertype->datum.name = CIL_KEY_OTHER; + (*db)->othertype->datum.fqn = CIL_KEY_OTHER; (*db)->num_types_and_attrs = 0; (*db)->num_classes = 0; (*db)->num_types = 0; @@ -483,6 +493,8 @@ void cil_db_destroy(struct cil_db **db) cil_list_destroy(&(*db)->names, CIL_TRUE); cil_destroy_type((*db)->selftype); + cil_destroy_type((*db)->notselftype); + cil_destroy_type((*db)->othertype); cil_strpool_destroy(); free((*db)->val_to_type);
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index c4ee2380..a8e3616a 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -1519,6 +1519,46 @@ static int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struc } } ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_NOTSELF) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + for (t = 0; t < (unsigned int)db->num_types; t++) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_OTHER) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + ebitmap_for_each_positive_bit(&src_bitmap, tnode, t) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); } else { int expand_src = __cil_should_expand_attribute(db, src); int expand_tgt = __cil_should_expand_attribute(db, tgt); 
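Review bot: the new `notself` branch in __cil_avrule_to_avtab() turns one rule into (number of source types) × (db->num_types - 1) avtab entries through the `for (t = 0; t < (unsigned int)db->num_types; t++)` loop, so a `notself` rule on a large attribute costs as much policy space as expanding that attribute against every type in the policy; a comment at the branch (or a sentence in the commit message) documenting that cost would help policy authors decide between `notself` and an explicit attribute target. The `notself` and `other` branches differ only in whether the inner loop walks all types or `src_bitmap`, and the same two branches are repeated in cil_avrulex_to_hashtable() in the next hunk, so a single pair-enumeration helper that takes the per-pair callback would remove the four-way duplication and keep the `s != t` and error-cleanup logic in one place.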
@@ -1875,10 +1915,51 @@ static int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, st src = DATUM(db->val_to_type[s]); rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, src, cil_avrulex->perms.x.permx, args); if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); goto exit; } } ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_NOTSELF) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + for (t = 0; t < (unsigned int)db->num_types; t++) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_OTHER) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + ebitmap_for_each_positive_bit(&src_bitmap, tnode, t) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); } else { int expand_src = __cil_should_expand_attribute(db, src); int expand_tgt = __cil_should_expand_attribute(db, tgt); 
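Review bot: the first added line in this hunk, `ebitmap_destroy(&src_bitmap);` before `goto exit;` in the pre-existing `self` branch, fixes a leak on the error path of __cil_avrulex_to_hashtable_helper() that has nothing to do with notself/other support and is not mentioned in the commit message; it would be cleaner as its own patch, or at least called out in the description so it is not lost when the series is read later. The `notself` and `other` branches are a verbatim copy of those in __cil_avrule_to_avtab() with only the helper call swapped, which strengthens the case for a shared enumeration helper.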
@@ -4813,8 +4894,16 @@ static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct if (tgt->fqn == CIL_KEY_SELF) { rule->flags = RULE_SELF; + } else if (tgt->fqn == CIL_KEY_NOTSELF) { + rule->flags = RULE_NOTSELF; + } else if (tgt->fqn == CIL_KEY_OTHER) { + rule->flags = RULE_NOTSELF; + rc = __cil_add_sepol_type(pdb, db, cil_rule->src, &rule->ttypes.types); + if (rc != SEPOL_OK) { + goto exit; + } } else { - rc = __cil_add_sepol_type(pdb, db, cil_rule->tgt, &rule->ttypes.types); + rc = __cil_add_sepol_type(pdb, db, tgt, &rule->ttypes.types); if (rc != SEPOL_OK) { goto exit; } diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 4177c9f6..ca9f80c7 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -3126,9 +3126,13 @@ int cil_gen_aliasactual(struct cil_db *db, struct cil_tree_node *parse_current, goto exit; } - if ((flavor == CIL_TYPEALIAS && parse_current->next->data == CIL_KEY_SELF) || parse_current->next->next->data == CIL_KEY_SELF) { - cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF); - rc = SEPOL_ERR; + rc = cil_verify_name(db, parse_current->next->data, flavor); + if (rc != SEPOL_OK) { + goto exit; + } + + rc = cil_verify_name(db, parse_current->next->next->data, flavor); + if (rc != SEPOL_OK) { goto exit; } diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c index 0246d133..11aa296e 100644 --- a/libsepol/cil/src/cil_find.c +++ b/libsepol/cil/src/cil_find.c 
@@ -145,6 +145,132 @@ static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_dat return rc; } +/* s1 is the src type that is matched with a notself + * s2 and t2 are the source and type of the other rule + * Assumes there is a match between s1 and s2 + */ +static int cil_notself_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2) +{ + int rc; + ebitmap_node_t *snode, *tnode; + unsigned int s,t; + + if (FLAVOR(s1) != CIL_TYPEATTRIBUTE) { + struct cil_type *ts1 = (struct cil_type *)s1; + if (FLAVOR(t2) != CIL_TYPEATTRIBUTE) { + struct cil_type *tt2 = (struct cil_type *)t2; + if (ts1->value != tt2->value) { + return CIL_TRUE; + } + } else { + struct cil_typeattribute *at2 = (struct cil_typeattribute *)t2; + ebitmap_for_each_positive_bit(at2->types, tnode, t) { + if (t != (unsigned int)ts1->value) { + return CIL_TRUE; + } + } + } + } else { + ebitmap_t smap; + rc = cil_type_matches(&smap, s1, s2); + if (rc < 0) { + return rc; + } + if (ebitmap_is_empty(&smap)) { + return CIL_FALSE; + } + if (FLAVOR(t2) != CIL_TYPEATTRIBUTE) { + struct cil_type *tt2 = (struct cil_type *)t2; + ebitmap_for_each_positive_bit(&smap, snode, s) { + if (s != (unsigned int)tt2->value) { + ebitmap_destroy(&smap); + return CIL_TRUE; + } + } + } else { + struct cil_typeattribute *at2 = (struct cil_typeattribute *)t2; + ebitmap_for_each_positive_bit(&smap, snode, s) { + ebitmap_for_each_positive_bit(at2->types, tnode, t) { + if (s != t) { + ebitmap_destroy(&smap); + return CIL_TRUE; + } + } + } + } + ebitmap_destroy(&smap); + } + + return CIL_FALSE; +} + +/* s1 is the src type that is matched with an other + * s2, and t2 are the source and type of the other rule + * Assumes there is a match between s1 and s2 + */ +static int cil_other_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2) +{ + int rc; + ebitmap_t smap, tmap; + ebitmap_node_t *snode, *tnode; + unsigned int s,t; + + if 
(FLAVOR(s1) != CIL_TYPEATTRIBUTE) { + return CIL_FALSE; + } + + rc = cil_type_matches(&smap, s1, s2); + if (rc < 0) { + return rc; + } + + if (ebitmap_is_empty(&smap)) { + return CIL_FALSE; + } + + rc = cil_type_matches(&tmap, s1, t2); + if (rc < 0) { + ebitmap_destroy(&smap); + return rc; + } + + if (ebitmap_is_empty(&tmap)) { + ebitmap_destroy(&smap); + return CIL_FALSE; + } + + ebitmap_for_each_positive_bit(&smap, snode, s) { + ebitmap_for_each_positive_bit(&tmap, tnode, t) { + if (s != t) { + rc = CIL_TRUE; + goto exit; + } + } + } + + rc = CIL_FALSE; + +exit: + ebitmap_destroy(&smap); + ebitmap_destroy(&tmap); + return rc; +} + +/* s2 is the src type that is matched with an other + * Assumes there is a match between s1 and s2 + * s1 is not needed, since it is known that there is a match + */ +static int cil_notself_other_match_any(struct cil_symtab_datum *s2) +{ + if (FLAVOR(s2) == CIL_TYPEATTRIBUTE) { + struct cil_typeattribute *as2 = (struct cil_typeattribute *)s2; + if (ebitmap_cardinality(as2->types) > 1) { + return CIL_TRUE; + } + } + return CIL_FALSE; +} + static int cil_classperms_match_any(struct cil_classperms *cp1, struct cil_classperms *cp2) { struct cil_class *c1 = cp1->class; 
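Review bot: cil_notself_other_match_any() is called with `s2` in the `t1 == notself, t2 == other` case and with `s1` in the `t1 == other, t2 == notself` case of the following cil_find_matching_avrule() hunk, yet its header comment says "s2 is the src type that is matched with an other"; naming the parameter for its role (the source of the `other` rule) and saying so in the comment would avoid the mismatch. In cil_notself_match_any() and cil_other_match_any() the `return CIL_FALSE;` after `ebitmap_is_empty(&smap)` skips ebitmap_destroy(); that is correct only because an empty ebitmap owns no nodes and because cil_type_matches() now destroys on error, the same convention cil_self_match_any() uses, so one comment in this file stating that convention would save the next reader re-deriving it. Style: `unsigned int s,t;` lacks a space after the comma in both new functions.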
@@ -310,30 +436,56 @@ static int cil_find_matching_avrule(struct cil_tree_node *node, struct cil_avrul if (!cil_type_match_any(s1, s2)) goto exit; - if (t1->fqn != CIL_KEY_SELF && t2->fqn != CIL_KEY_SELF) { - if (!cil_type_match_any(t1, t2)) goto exit; - } else { - if (t1->fqn == CIL_KEY_SELF && t2->fqn == CIL_KEY_SELF) { + if (t1->fqn == CIL_KEY_SELF) { + if (t2->fqn == CIL_KEY_SELF) { /* The earlier check whether s1 and s2 matches is all that is needed */ - } else if (t1->fqn == CIL_KEY_SELF) { + rc = CIL_TRUE; + } else if (t2->fqn == CIL_KEY_NOTSELF || t2->fqn == CIL_KEY_OTHER) { + rc = CIL_FALSE; + } else { rc = cil_self_match_any(s1, s2, t2); - if (rc < 0) { - goto exit; - } else if (rc == CIL_FALSE) { - rc = SEPOL_OK; - goto exit; - } - } else if (t2->fqn == CIL_KEY_SELF) { + } + } else if (t1->fqn == CIL_KEY_NOTSELF) { + if (t2->fqn == CIL_KEY_SELF) { + rc = CIL_FALSE; + } else if (t2->fqn == CIL_KEY_NOTSELF) { + /* The earlier check whether s1 and s2 matches is all that is needed */ + rc = CIL_TRUE; + } else if (t2->fqn == CIL_KEY_OTHER) { + rc = cil_notself_other_match_any(s2); + } else { + rc = cil_notself_match_any(s1, s2, t2); + } + } else if (t1->fqn == CIL_KEY_OTHER) { + if (t2->fqn == CIL_KEY_SELF) { + rc = CIL_FALSE; + } else if (t2->fqn == CIL_KEY_NOTSELF) { + rc = cil_notself_other_match_any(s1); + } else if (t2->fqn == CIL_KEY_OTHER) { + /* The earlier check whether s1 and s2 matches is all that is needed */ + rc = CIL_TRUE; + } else { + rc = cil_other_match_any(s1, s2, t2); + } + } else { + if (t2->fqn == CIL_KEY_SELF) { rc = cil_self_match_any(s2, s1, t1); - if (rc < 0) { - goto exit; - } else if (rc == CIL_FALSE) { - rc = SEPOL_OK; - goto exit; - } + } else if (t2->fqn == CIL_KEY_NOTSELF) { + rc = cil_notself_match_any(s2, s1, t1); + } else if (t2->fqn == CIL_KEY_OTHER) { + rc = cil_other_match_any(s2, s1, t1); + } else { + rc = cil_type_match_any(t1, t2); } } + if (rc < 0) { + goto exit; + } else if (rc == CIL_FALSE) { + rc = SEPOL_OK; + goto 
exit; + } + if (!target->is_extended) { if (cil_classperms_list_match_any(avrule->perms.classperms, target->perms.classperms)) { cil_list_append(matching, CIL_NODE, node); diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index a7604762..d727c352 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -101,6 +101,8 @@ extern char *CIL_KEY_CONS_INCOMP; extern char *CIL_KEY_CONDTRUE; extern char *CIL_KEY_CONDFALSE; extern char *CIL_KEY_SELF; +extern char *CIL_KEY_NOTSELF; +extern char *CIL_KEY_OTHER; extern char *CIL_KEY_OBJECT_R; extern char *CIL_KEY_STAR; extern char *CIL_KEY_TCP; @@ -289,6 +291,8 @@ struct cil_db { struct cil_tree *parse; struct cil_tree *ast; struct cil_type *selftype; + struct cil_type *notselftype; + struct cil_type *othertype; struct cil_list *sidorder; struct cil_list *classorder; struct cil_list *catorder; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index d2bfdc81..96dd4054 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -333,6 +333,10 @@ int cil_resolve_avrule(struct cil_tree_node *current, void *extra_args) if (rule->tgt_str == CIL_KEY_SELF) { rule->tgt = db->selftype; + } else if (rule->tgt_str == CIL_KEY_NOTSELF) { + rule->tgt = db->notselftype; + } else if (rule->tgt_str == CIL_KEY_OTHER) { + rule->tgt = db->othertype; } else { rc = cil_resolve_name(current, rule->tgt_str, CIL_SYM_TYPES, args, &tgt_datum); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 3f58969d..8b37d2a7 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c 
@@ -68,7 +68,8 @@ static int __cil_is_reserved_name(const char *name, enum cil_flavor flavor) case CIL_TYPE: case CIL_TYPEATTRIBUTE: case CIL_TYPEALIAS: - if ((name == CIL_KEY_ALL) || (name == CIL_KEY_SELF)) + if ((name == CIL_KEY_ALL) || (name == CIL_KEY_SELF) || (name == CIL_KEY_NOTSELF) + || (name == CIL_KEY_OTHER)) return CIL_TRUE; break; case CIL_CAT:
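Review bot: in the cil_check_neverallow() hunk, `other` is encoded as `rule->flags = RULE_NOTSELF` with `ttypes.types` filled from `cil_rule->src`, that is as "not-self, restricted to the source attribute's own types", which matches Example 4 of the description; a one-line comment at that branch saying so would help, because RULE_NOTSELF on its own suggests the all-types semantics. The same hunk also changes the fall-through branch from `cil_rule->tgt` to the local `tgt`: if that is a pure cleanup it belongs in the commit message (or a separate patch), and if `tgt` can ever differ from `cil_rule->tgt` it is a behaviour change that needs explaining.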
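Review bot: in the cil_gen_aliasactual() hunk, the removed inline check tested the second name for `self` for every flavor but the first name only when `flavor == CIL_TYPEALIAS`, whereas the replacement calls cil_verify_name() on both names for every flavor; reserved-name checking is therefore broader than before, which is not mentioned in the commit message and should be. That behaviour also depends on the __cil_is_reserved_name() hunk in cil_verify.c adding CIL_KEY_NOTSELF and CIL_KEY_OTHER to the CIL_TYPE/CIL_TYPEATTRIBUTE/CIL_TYPEALIAS case, so the two hunks should stay together if the series is ever split.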
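Review bot: in the cil_find_matching_avrule() hunk, the `t1 == other && t2 == other` case sets `rc = CIL_TRUE` with the comment that the earlier s1/s2 match is all that is needed, but that reasoning only holds for self/self and notself/notself. An `other` rule on an attribute expands to pairs (s, t) with both s and t in the attribute and s != t, so two `other` rules overlap only when their source attributes share at least two types: with s1 = {a, b} and s2 = {a, c} the earlier cil_type_match_any(s1, s2) succeeds on `a`, yet rule 1 yields (a,b),(b,a) and rule 2 yields (a,c),(c,a), which do not intersect. The consequence is a spurious neverallow match (a false positive, so conservative rather than unsafe), but the branch should either check that the intersection has more than one type, for example by reusing cil_type_matches() on s1 and s2 and testing its cardinality, or carry a comment that the over-approximation is intentional. The consolidated `if (rc < 0) goto exit; else if (rc == CIL_FALSE) { rc = SEPOL_OK; goto exit; }` tail is a welcome simplification of the repeated checks it replaces.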
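To make the semantics of Examples 1 to 4 in the description concrete, here is an added example that is not part of the patch series or of libsepol: a small model that expands a rule's `self`, `notself` or `other` target into the (source, target) type pairs it stands for, plus a brute-force check of whether two such rules overlap, which is the question cil_find_matching_avrule() answers for neverallow checking. It goes slightly beyond the description by also modelling a plain type or attribute target. Types are numbered and a type or attribute is a bitmask of its member types; the policy (four types, ATTR1 = {t1, t2, t3}) is constructed, and every name (`target_kind`, `expand_target`, `rules_overlap`, `count_pairs`) is this example's own, not a libsepol API.

```c
/* Added example, not libsepol code: model of CIL's self/notself/other target
 * expansion and a brute-force rule-overlap check. Types are 0..num_types-1;
 * a type or attribute is a bitmask of member types (a plain type = one bit).
 * All identifiers below are this example's own assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TYPES 32
#define MAX_PAIRS (MAX_TYPES * MAX_TYPES)

/* What the rule names as its target. */
enum target_kind {
    TGT_EXPLICIT,   /* a named type or attribute: tgt_mask is used */
    TGT_SELF,       /* each source type paired with itself */
    TGT_NOTSELF,    /* each source type paired with every other type in the policy */
    TGT_OTHER       /* each source type paired with the other members of the source attribute */
};

struct pair { unsigned src, tgt; };

/* Enumerate the (src, tgt) pairs one access vector rule stands for.
 * Returns the total number of pairs; at most cap of them are written to out. */
static size_t expand_target(uint32_t src_mask, enum target_kind kind,
                            uint32_t tgt_mask, unsigned num_types,
                            struct pair *out, size_t cap)
{
    size_t n = 0;
    for (unsigned s = 0; s < num_types; s++) {
        if (!(src_mask & (1u << s)))
            continue;                       /* s is not a source type of this rule */
        for (unsigned t = 0; t < num_types; t++) {
            bool emit;
            switch (kind) {
            case TGT_EXPLICIT: emit = (tgt_mask & (1u << t)) != 0; break;
            case TGT_SELF:     emit = (t == s); break;
            case TGT_NOTSELF:  emit = (t != s); break;
            case TGT_OTHER:    emit = (t != s) && (src_mask & (1u << t)); break;
            default:           emit = false; break;
            }
            if (emit) {
                if (n < cap)
                    out[n] = (struct pair){ s, t };
                n++;
            }
        }
    }
    return n;
}

/* How many concrete rules does one rule expand to? (Example 3 gives 0.) */
static size_t count_pairs(uint32_t src_mask, enum target_kind kind,
                          uint32_t tgt_mask, unsigned num_types)
{
    struct pair buf[MAX_PAIRS];
    return expand_target(src_mask, kind, tgt_mask, num_types, buf, MAX_PAIRS);
}

/* Do two rules (class and permissions ignored) share at least one concrete
 * (src, tgt) pair? Brute-force ground truth that a fast matcher such as the
 * neverallow check must agree with. */
static bool rules_overlap(uint32_t src1, enum target_kind k1, uint32_t tgt1,
                          uint32_t src2, enum target_kind k2, uint32_t tgt2,
                          unsigned num_types)
{
    struct pair a[MAX_PAIRS], b[MAX_PAIRS];
    size_t na = expand_target(src1, k1, tgt1, num_types, a, MAX_PAIRS);
    size_t nb = expand_target(src2, k2, tgt2, num_types, b, MAX_PAIRS);
    for (size_t i = 0; i < na; i++)
        for (size_t j = 0; j < nb; j++)
            if (a[i].src == b[j].src && a[i].tgt == b[j].tgt)
                return true;
    return false;
}

int main(void)
{
    /* Constructed policy: four types t0..t3; TYPE1 = t1; ATTR1 = { t1, t2, t3 }. */
    const unsigned num_types = 4;
    const uint32_t TYPE1 = 1u << 1;
    const uint32_t ATTR1 = (1u << 1) | (1u << 2) | (1u << 3);
    struct pair out[MAX_PAIRS];

    /* Example 4: (allow ATTR1 other ...) -> the six ordered pairs from the description. */
    size_t n = expand_target(ATTR1, TGT_OTHER, 0, num_types, out, MAX_PAIRS);
    for (size_t i = 0; i < n; i++)
        printf("(allow t%u t%u (CLASS (PERM)))\n", out[i].src, out[i].tgt);

    /* Example 3: (allow TYPE1 other ...) expands to nothing. */
    printf("TYPE1 other -> %zu rules\n", count_pairs(TYPE1, TGT_OTHER, 0, num_types));

    /* Two "other" rules whose sources share only one type have matching
     * sources but no common (src, tgt) pair. */
    printf("{t0,t1} other vs {t0,t2} other overlap: %s\n",
           rules_overlap(0x3, TGT_OTHER, 0, 0x5, TGT_OTHER, 0, num_types) ? "yes" : "no");
    return 0;
}
```

The pair counts make the cost model visible: `notself` on an attribute of k types in a policy of N types yields k × (N - 1) rules, while `other` yields k × (k - 1), and `other` on a single type yields none. The last check in `main` is the case where source matching alone is not sufficient for two `other` rules to overlap.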
From patchwork Wed Aug 9 20:40:43 2023 X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13348498 X-Patchwork-Delegate: plautrba@redhat.com
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com
Subject: [PATCH 4/7 v2] libsepol: update CIL generation for trivial not-self rules
Date: Wed, 9 Aug 2023 16:40:43 -0400
Message-ID: <20230809204046.110783-5-jwcart2@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>
X-Mailing-List: selinux@vger.kernel.org

From: Christian Göttsche

Convert trivial not-self neverallow rules to CIL, e.g.

    neverallow TYPE1 ~self:CLASS1 PERM1;

into

    (neverallow TYPE1 notself (CLASS1 (PERM1)))

More complex targets are not yet supported in CIL and will fail to convert, e.g.:

    neverallow TYPE1 ~{ self ATTR1 } : CLASS1 PERM1;
    neverallow TYPE2 { ATTR2 -self } : CLASS2 PERM2;

Signed-off-by: Christian Göttsche
---
 libsepol/src/module_to_cil.c | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index a6b6d66f..3e168285 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -1188,10 +1188,23 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a goto exit; } - ts = &avrule->ttypes; - rc = process_typeset(pdb, ts, attr_list, &tnames, &num_tnames); - if (rc != 0) { - goto exit; + if (avrule->flags & RULE_NOTSELF) { + if (!ebitmap_is_empty(&avrule->ttypes.types) || !ebitmap_is_empty(&avrule->ttypes.negset)) { + if (avrule->source_filename) { + log_err("%s:%lu: Non-trivial neverallow rules with targets containing not or minus self not yet supported", + avrule->source_filename, avrule->source_line); + } else { + log_err("Non-trivial neverallow rules with targets containing not or minus self not yet supported"); + } + rc = -1; + goto exit; + } + } else { + ts = &avrule->ttypes; + rc = process_typeset(pdb, ts, attr_list, &tnames, &num_tnames); + if (rc != 0) { + goto exit; + } } for (s = 0; s < num_snames; s++) { 
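Review bot: the trivial/non-trivial test in this hunk looks only at `avrule->ttypes.types` and `avrule->ttypes.negset` and never at `avrule->ttypes.flags`, so whether a complemented set with empty bitmaps is treated as the trivial `~self` case depends entirely on how checkpolicy encodes `~self` versus `~{ self ATTR1 }`; a one-line comment stating which encoding counts as trivial would save the next reader a trip through the parser. The two log_err() calls differ only in the `%s:%lu: ` prefix, so one message string with the prefix built once would avoid the text drifting apart. Also note that when the RULE_NOTSELF branch is taken nothing is assigned to `tnames`/`num_tnames`, so the per-target loop later in the function must tolerate `num_tnames == 0`; that is the only reason the rule is not lost, and it deserves a comment at the `} else {`.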
@@ -1215,6 +1228,15 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a if (rc != 0) { goto exit; } + } else if (avrule->flags & RULE_NOTSELF) { + if (avrule->specified & AVRULE_XPERMS) { + rc = avrulex_to_cil(indent, pdb, avrule->specified, snames[s], "notself", avrule->perms, avrule->xperms); + } else { + rc = avrule_to_cil(indent, pdb, avrule->specified, snames[s], "notself", avrule->perms); + } + if (rc != 0) { + goto exit; + } } }
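Review bot: the new `else if (avrule->flags & RULE_NOTSELF)` block repeats the xperms/non-xperms dispatch of the RULE_SELF branch directly above it with only the literal target string changed; selecting `"self"` or `"notself"` into a `const char *tgt` in one branch and then calling avrulex_to_cil()/avrule_to_cil() once would remove the duplicated `if (rc != 0) { goto exit; }` and keep the two keywords from diverging later. Separately, the commit message and the error text in the first hunk scope this to neverallow rules, but the code path is keyed on RULE_NOTSELF alone; if the flag can only be set on neverallow rules that is worth asserting (or at least stating in a comment) so the `"notself"` emission is not silently reused for another rule kind.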
From patchwork Wed Aug 9 20:40:44 2023 X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13348500 X-Patchwork-Delegate: plautrba@redhat.com
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter
Subject: [PATCH 5/7 v2] libsepol: Use ERR() instead of log_err()
Date: Wed, 9 Aug 2023 16:40:44 -0400
Message-ID: <20230809204046.110783-6-jwcart2@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>
X-Mailing-List: selinux@vger.kernel.org

Since log_err() has been removed, use ERR() instead of log_err() in module_to_cil.c.

Signed-off-by: James Carter
---
 libsepol/src/module_to_cil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 3e168285..d2868019 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -1191,10 +1191,10 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a if (avrule->flags & RULE_NOTSELF) { if (!ebitmap_is_empty(&avrule->ttypes.types) || !ebitmap_is_empty(&avrule->ttypes.negset)) { if (avrule->source_filename) { - log_err("%s:%lu: Non-trivial neverallow rules with targets containing not or minus self not yet supported", + ERR(NULL, "%s:%lu: Non-trivial neverallow rules with targets containing not or minus self not yet supported", avrule->source_filename, avrule->source_line); } else { - log_err("Non-trivial neverallow rules with targets containing not or minus self not yet supported"); + ERR(NULL, "Non-trivial neverallow rules with targets containing not or minus self not yet supported"); } rc = -1; goto exit;
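Review bot: this fix-up should be squashed into 4/7 rather than applied as a separate commit: the message says log_err() has already been removed, so with the series applied in order the tree does not compile at 4/7, which breaks `git bisect` across this range. The substitution itself is fine; `ERR(NULL, ...)` with a NULL handle goes to the default libsepol callback, the same place log_err() reported to.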
From patchwork Wed Aug 9 20:40:45 2023 X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13348502 X-Patchwork-Delegate: plautrba@redhat.com
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter
Subject: [PATCH 6/7 v2] secilc/docs: Add notself and other keywords to CIL documentation
Date: Wed, 9 Aug 2023 16:40:45 -0400
Message-ID: <20230809204046.110783-7-jwcart2@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>
X-Mailing-List: selinux@vger.kernel.org

Also reorganize the access vector rules section to minimize duplication in the explanation of the parts of access vector rules.

Signed-off-by: James Carter
---
 secilc/docs/README.md                  |   1 -
 secilc/docs/cil_access_vector_rules.md | 244 +++----------------------
 secilc/docs/cil_reference_guide.md     |   9 -
 secilc/docs/secil.xml                  |   2 +
 4 files changed, 32 insertions(+), 224 deletions(-)

diff --git a/secilc/docs/README.md b/secilc/docs/README.md index efab2a71..5e00fc3b 100644 --- a/secilc/docs/README.md +++ b/secilc/docs/README.md @@ -17,7 +17,6 @@ CIL (Common Intermediate Language) * [Global Namespace](cil_reference_guide.md#global-namespace) * [Expressions](cil_reference_guide.md#expressions) * [Name String](cil_reference_guide.md#name-string) - * [self](cil_reference_guide.md#self) * [Example CIL Policy](../test/policy.cil) * [Access Vector Rules](cil_access_vector_rules.md#access-vector-rules) diff --git a/secilc/docs/cil_access_vector_rules.md b/secilc/docs/cil_access_vector_rules.md index f0ba4a90..034185da 100644 --- a/secilc/docs/cil_access_vector_rules.md +++ b/secilc/docs/cil_access_vector_rules.md
@@ -1,15 +1,12 @@ Access Vector Rules =================== -allow ------ - -Specifies the access allowed between a source and target type. Note that access may be refined by constraint rules based on the source, target and class ([`validatetrans`](cil_constraint_statements.md#validatetrans) or [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans)) or source, target class and permissions ([`constrain`](cil_constraint_statements.md#constrain) or [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain) statements). +Rules involving a source type, a target type, and class permissions or extended permissions. **Rule definition:** ```secil - (allow source_id target_id|self classpermissionset_id ...) + (av_flavor source_id target_id|self|notself|other classpermission_id|permissionx_id) ``` **Where:** @@ -21,9 +18,8 @@ Specifies the access allowed between a source and target type. Note that access -

allow

-

The allow keyword.

- +

av_flavor

+

The flavor of access vector rule. Possible flavors are allow, auditallow, dontaudit, neverallow, allowx, auditallowx, dontauditx, neverallowx.

source_id

A single previously defined source type, typealias or typeattribute identifier.

@@ -31,15 +27,31 @@ Specifies the access allowed between a source and target type. Note that access

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

+

Instead it can be one of the special keywords self, notself or other.

+

The self keyword may be used to signify that source and target are the same. If the source is an attribute, each type of the source will be paired with itself as the target. The notself keyword may be used to signify that the target is all types except for the types of the source. The other keyword may be used as a short-hand way of writing a rule for each type of the source where it is paired with all of the other types of the source as the target.

-

classpermissionset_id

-

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

+

classpermission_id

+

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers. Used for allow, auditallow, dontaudit, neverallow rules.

+ + +

permissionx_id

+

A single named or anonymous permissionx. Used for allowx, auditallowx, dontauditx, neverallowx rules.

+allow +----- + +Specifies the access allowed between a source and target type. Note that access may be refined by constraint rules based on the source, target and class ([`validatetrans`](cil_constraint_statements.md#validatetrans) or [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans)) or source, target class and permissions ([`constrain`](cil_constraint_statements.md#constrain) or [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain) statements). + +**Rule definition:** + +```secil + (allow source_id target_id|self|notself|other classpermissionset_id ...) +``` + **Examples:** These examples show a selection of possible permutations of [`allow`](cil_access_vector_rules.md#allow) rules: @@ -97,37 +109,9 @@ Audit the access rights defined if there is a valid allow rule. Note: It does NO **Rule definition:** ```secil - (auditallow source_id target_id|self classpermissionset_id ...) + (auditallow source_id target_id|self|notself|other classpermissionset_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

auditallow

The auditallow keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

classpermissionset_id

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

- **Example:** This example will log an audit event whenever the corresponding [`allow`](cil_access_vector_rules.md#allow) rule grants access to the specified permissions: @@ -148,37 +132,9 @@ Note that these rules can be omitted by the CIL compiler command line parameter **Rule definition:** ```secil - (dontaudit source_id target_id|self classpermissionset_id ...) + (dontaudit source_id target_id|self|notself|other classpermissionset_id ...) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

dontaudit

The dontaudit keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

classpermissionset_id

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

- **Example:** This example will not audit the denied access: @@ -197,37 +153,9 @@ Note that these rules can be over-ridden by the CIL compiler command line parame **Rule definition:** ```secil - (neverallow source_id target_id|self classpermissionset_id ...) + (neverallow source_id target_id|self|notself|other classpermissionset_id ...) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

neverallow

The neverallow keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

classpermissionset_id

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

- **Example:** This example will not compile as `type_3` is not allowed to be a source type for the [`allow`](cil_access_vector_rules.md#allow) rule: @@ -258,37 +186,9 @@ Note that for this to work there must *also* be valid equivalent [`allow`](cil_a **Rule definition:** ```secil - (allowx source_id target_id|self permissionx_id) + (allowx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

allowx

The allowx keyword.

source_id

A single previously defined source type, typealias, or typeattribute identifier.

target_id

A single previously defined target type, typealias, or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** These examples show a selection of possible permutations of [`allowx`](cil_access_vector_rules.md#allowx) rules: @@ -313,37 +213,9 @@ Note that for this to work there must *also* be valid equivalent [`auditallow`]( **Rule definition:** ```secil - (auditallowx source_id target_id|self permissionx_id) + (auditallowx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

auditallowx

The auditallowx keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** This example will log an audit event whenever the corresponding [`allowx`](cil_access_vector_rules.md#allowx) rule grants access to the specified extended permissions: @@ -367,37 +239,9 @@ Note that these rules can be omitted by the CIL compiler command line parameter **Rule definition:** ```secil - (dontauditx source_id target_id|self permissionx_id) + (dontauditx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

dontauditx

The dontauditx keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** This example will not audit the denied access: @@ -416,37 +260,9 @@ Note that these rules can be over-ridden by the CIL compiler command line parame **Rule definition:** ```secil - (neverallowx source_id target_id|self permissionx_id) + (neverallowx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

neverallowx

The neverallowx keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** This example will not compile as `type_3` is not allowed to be a source type and ioctl range for the [`allowx`](cil_access_vector_rules.md#allowx) rule: diff --git a/secilc/docs/cil_reference_guide.md b/secilc/docs/cil_reference_guide.md index ac800b12..d1d3ff16 100644 --- a/secilc/docs/cil_reference_guide.md +++ b/secilc/docs/cil_reference_guide.md @@ -316,12 +316,3 @@ Alternatively: (typetransition audit.process device.device chr_file ARG1 device.klog_device) ) ``` - -self ----- - -The [`self`](cil_reference_guide.md#self) keyword may be used as the target in AVC rule statements, and means that the target is the same as the source as shown in the following example:. - -```secil - (allow unconfined.process self (file (read write))) -``` diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml index 38d7b030..60314e9a 100644 --- a/secilc/docs/secil.xml +++ b/secilc/docs/secil.xml 
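Review bot: in the rewritten "Where" table at the top of cil_access_vector_rules.md the `notself` sentence ("the target is all types except for the types of the source") can be read two ways when the source is an attribute: each source type paired with every type except itself, or each source type paired with every type outside the whole attribute. The `self` sentence just before it spells out the per-type pairing, and `notself` should be equally explicit, because the two readings produce different rule sets for an attribute source and the neverallow in 7/7 test 02 does not distinguish them. The `other` sentence should also say that a single-type source produces no rule at all, which 7/7 test 05 relies on. Finally, the generic definition calls the last argument `classpermission_id` and drops the trailing ` ...`, while the allow section in the same hunk still reads `classpermissionset_id ...`; use one name and one arity in both places.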
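Review bot: the auditallow rule definition is changed to `(auditallow source_id target_id|self|notself|other classpermissionset_id)` without the trailing ` ...`, whereas the dontaudit and neverallow definitions in the following hunks keep `classpermissionset_id ...`; this looks like an accidental drop rather than an intended syntax change, so restore the ` ...` here (or remove it everywhere in one go and say so in the commit message).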
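Review bot: the cil_reference_guide.md hunk deletes the whole `self` section together with its example `(allow unconfined.process self (file (read write)))`, and the README hunk drops the link to it, but nothing in the patch adds a replacement entry point for the three keywords; since cil_access_vector_rules.md is now the only place that documents them, carry that example over to the allow examples there (with `notself` and `other` counterparts) and add README links so the keywords remain discoverable from the table of contents.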
@@ -145,6 +145,8 @@ r3 sctp self + notself + other t1 t2 t3
From patchwork Wed Aug 9 20:40:46 2023 X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13348501 X-Patchwork-Delegate: plautrba@redhat.com
From: James Carter
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter
Subject: [PATCH 7/7 v2] secilc/test: Add notself and other tests
Date: Wed, 9 Aug 2023 16:40:46 -0400
Message-ID: <20230809204046.110783-8-jwcart2@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230809204046.110783-1-jwcart2@gmail.com>
References: <20230809204046.110783-1-jwcart2@gmail.com>
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: James Carter
---
 secilc/test/notself_and_other.cil | 65 +++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 secilc/test/notself_and_other.cil
diff --git a/secilc/test/notself_and_other.cil b/secilc/test/notself_and_other.cil new file mode 100644 index 00000000..9b33bfcb --- /dev/null +++ b/secilc/test/notself_and_other.cil @@ -0,0 +1,65 @@ +(class CLASS (PERM)) +(class C1 (p1a p1b p1c p1d p1e)) +(classorder (CLASS C1)) +(sid SID) +(sidorder (SID)) +(user USER) +(role ROLE) +(type TYPE) +(category CAT) +(categoryorder (CAT)) +(sensitivity SENS) +(sensitivityorder (SENS)) +(sensitivitycategory SENS (CAT)) +(allow TYPE self (CLASS (PERM))) +(roletype ROLE TYPE) +(userrole USER ROLE) +(userlevel USER (SENS)) +(userrange USER ((SENS)(SENS (CAT)))) +(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) + +(type ta) +(type tb) +(type tc) +(type td) + +(typeattribute aab) +(typeattributeset aab (ta tb)) + +(typeattribute aac) +(typeattributeset aac (ta tc)) + +(typeattribute abc) +(typeattributeset abc (tb tc)) + +(typeattribute aabc) +(typeattributeset aabc (ta tb tc)) + +(typeattribute a_all_not_ta) +(typeattributeset a_all_not_ta (and (all) (not ta))) + +(typeattribute a_all_not_aab) +(typeattributeset a_all_not_aab (and (all) (not aab))) + +; Test 01 +(allow ta notself (C1 (p1a))) +; (neverallow ta a_all_not_ta (C1 (p1a))) ; This check should fail + +; Test 02 +(allow aab notself (C1 (p1b))) +; (neverallow aab a_all_not_aab (C1 (p1b))) ; This check should fail + +; Test 03 +(allow aab other (C1 (p1c))) +; (neverallow ta tb (C1 (p1c))) ; This check should fail +; (neverallow tb ta (C1 (p1c))) ; This check should fail + +; Test 04 +(allow aabc other (C1 (p1d))) +; (neverallow ta abc (C1 (p1d))) ; This check should fail +; (neverallow tb aac (C1 (p1d))) ; This check should fail +; (neverallow tc aab (C1 (p1d))) ; This check should fail + +; Test 05 +(allow ta other (C1 (p1e))) ; other used with a single type results in no rule +(neverallow ta a_all_not_ta (C1 (p1e)))
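Review bot: tests 01 through 04 keep every neverallow that would actually exercise the expansion commented out ("This check should fail"), so as part of the test suite they only prove that the file compiles, and a regression that made `notself` or `other` expand to nothing would still pass; only test 05 carries an active assertion. Each test can also get a neverallow that must hold if the expansion is correct and therefore stays active, for example `(neverallow ta ta (C1 (p1a)))` after test 01 (notself excludes the source type itself), `(neverallow tb tb (C1 (p1c)))` after test 03, and `(neverallow ta ta (C1 (p1d)))` plus `(neverallow aabc td (C1 (p1d)))` after test 04 (other never reaches outside the source attribute); those fail the build if the self-exclusion or the restriction to the source's own types is lost. The "should fail" rules would serve better as a separate negative test file that is expected to be rejected than as comments nobody runs.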
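As an added, stand-alone example (not code from libsepol, secilc or this series): a small Python model of how the three target keywords expand into explicit (source type, target type) pairs, replayed over the types and typeattributes declared in secilc/test/notself_and_other.cil above. It assumes the per-type reading of the keywords: `self` pairs each source type with itself, `notself` pairs each source type with every type except itself (the policy-language `~self` that 4/7 converts), and `other` pairs each source type with the remaining types of the same source. Under that model a neverallow check fails exactly when the allowed pairs intersect the forbidden pairs, which reproduces the commented-out "This check should fail" lines of tests 01 to 04 and the passing check of test 05.

```python
"""Model of CIL self / notself / other target expansion.

Added example, not libsepol code.  Assumed semantics, applied per source type:
  self     -> (s, s) for each source type s
  notself  -> (s, t) for each source type s and every type t != s
  other    -> (s, t) for each source type s and every other source type t
"""

# Types declared in secilc/test/notself_and_other.cil
ALL_TYPES = frozenset({"TYPE", "ta", "tb", "tc", "td"})

# typeattributeset declarations from the same file
ATTRS = {
    "aab": frozenset({"ta", "tb"}),
    "aac": frozenset({"ta", "tc"}),
    "abc": frozenset({"tb", "tc"}),
    "aabc": frozenset({"ta", "tb", "tc"}),
    "a_all_not_ta": ALL_TYPES - {"ta"},          # (and (all) (not ta))
    "a_all_not_aab": ALL_TYPES - {"ta", "tb"},   # (and (all) (not aab))
}


def types_of(name):
    """Resolve a type or typeattribute identifier to the set of types it covers."""
    if name in ATTRS:
        return ATTRS[name]
    if name in ALL_TYPES:
        return frozenset({name})
    raise KeyError(f"unknown type or typeattribute: {name}")


def expand_pairs(source, target):
    """Return the set of (src, tgt) type pairs an AV rule with this source and
    target generates.  `target` is a type, a typeattribute or a keyword."""
    srcs = types_of(source)
    if target == "self":
        return {(s, s) for s in srcs}
    if target == "notself":
        return {(s, t) for s in srcs for t in ALL_TYPES if t != s}
    if target == "other":
        # a single-type source has no "other" types, so this yields no pairs
        return {(s, t) for s in srcs for t in srcs if t != s}
    return {(s, t) for s in srcs for t in types_of(target)}


def neverallow_violations(allowed, source, target):
    """Pairs in `allowed` that (neverallow source target ...) forbids.
    A non-empty result is what makes secilc reject the policy."""
    return allowed & expand_pairs(source, target)


def replay_tests():
    """Replay tests 01-05 of notself_and_other.cil.  Each test uses its own
    permission (p1a..p1e), so the allow rules never overlap and every check
    can be evaluated against a single allow in isolation.  Returns, per test,
    True when the file's expectation holds: the "should fail" checks do fail
    and the active check of test 05 passes."""
    should_fail = {
        "01": (("ta", "notself"),  [("ta", "a_all_not_ta")]),
        "02": (("aab", "notself"), [("aab", "a_all_not_aab")]),
        "03": (("aab", "other"),   [("ta", "tb"), ("tb", "ta")]),
        "04": (("aabc", "other"),  [("ta", "abc"), ("tb", "aac"), ("tc", "aab")]),
    }
    results = {}
    for test, ((src, tgt), checks) in should_fail.items():
        allowed = expand_pairs(src, tgt)
        results[test] = all(neverallow_violations(allowed, s, t) for s, t in checks)
    # Test 05: (allow ta other ...) with a single type produces no rule,
    # so (neverallow ta a_all_not_ta ...) must hold.
    allowed = expand_pairs("ta", "other")
    results["05"] = not neverallow_violations(allowed, "ta", "a_all_not_ta")
    return results


if __name__ == "__main__":
    for test, ok in sorted(replay_tests().items()):
        print(f"test {test}: {'as expected' if ok else 'UNEXPECTED'}")
```

Running it reports all five tests as expected. Swapping the `notself` line for the collective reading (`for t in ALL_TYPES - srcs`) still satisfies test 02, which shows that the test file on its own does not pin down which of the two readings the documentation means; an active check such as `(neverallow ta tb (C1 (p1b)))`, which must fail only under the per-type reading, would.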