Re: [PATCH 3/3] Thread/Child-Domain Assignment (rev.6)

Joshua Brindle wrote:
> KaiGai Kohei wrote:
>>>> Hmm....
>>>> It seems to me what you pointed out is a bug in my patch. It prevents delivering
>>>> the actual number of type/attribute symbols to the policy file, but it is unclear why
>>>> it makes libsepol ignore the policyvers.
>>>> (I guess it may be a separate matter.)
>>>>
>>>>       
>>>>> Rather than trying to calculate the length without attributes I just removed
>>>>> the attribute check. This causes attributes to be written for all versions,
>>>>> but this should not cause any problems at all.
>>>>>         
>>>> The reason why I injected such an ad-hoc code is that we cannot decide the policy
>>>> version written when type_attr_remove() is invoked.
>>>> Is it impossible to move it to policydb_write()?
>>>> It is invoked after the policyvers is fixed by caller.
>>>>       
>>> It isn't impossible. You are going to have to make it walk the type
>>> symbol table to calculate the length without attributes, then write
>>> that length instead of the total symtab length.
>>>     
>> The attached patch makes it possible to fix up the number of type/attribute entries
>> to be written. The type_attr_uncount() decrements the number of attribute
>> entries skipped at type_write().
>>
>> At first, I had a plan to invoke type_attr_remove() with
>> hashtab_map_remove_on_error(), but it means the given policydb structure
>> is modified at policydb_write() and implicit changes to external interface.
>>
>>   
> 
> This does not cause a hierarchy error, is this an expected limitation?
> 
> typebounds goodbye_world_t hello_world_t;
> 
> allow hello_world_t self: file ~{read };
> 
> allow goodbye_world_t self: file *;

This case should not cause a hierarchy error.

Please assume a domain "S" is a bounds of "S.sub" and a type "T" is a bounds of
"T.sub", and P(x,y) means permissions between "x" and "y".

As you know, the hierarchy constraint has the following rules.
 1. P(S.sub, T) is equal or smaller than P(S, T)
 2. P(S, T.sub) is equal or smaller than P(S, T)
 3. P(S.sub, T.sub) is equal or smaller than P(S, T)
 4. rest of permissions are violated.

Your case matches the third rule which should be allowed.

 P(hello_world_t, hello_world_t) = file : ~{ read }

  is equal or smaller than

 P(goodbye_world_t, goodbye_world_t) = file : *

It is an expected behavior, not a limitation.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
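
The four rules above, applied to the quoted policy, as an added example that is not part of the original message and is not libsepol code. The permission bits, type ids and function names are hypothetical, and the file class is reduced to a constructed four-permission subset.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed subset of the "file" class permissions, one bit each. */
enum { F_READ = 1, F_WRITE = 2, F_GETATTR = 4, F_EXECUTE = 8, F_ALL = 15 };
enum { GOODBYE, HELLO, NTYPES };      /* hypothetical ids for the two types */
#define NO_BOUNDS (-1)

struct allow_rule { int src, tgt; uint32_t perms; };   /* file class only */

/* P(x, y): union of the permissions of every rule for the pair (x, y). */
static uint32_t perms_of(const struct allow_rule *r, size_t n, int src, int tgt)
{
    uint32_t p = 0;
    for (size_t i = 0; i < n; i++)
        if (r[i].src == src && r[i].tgt == tgt)
            p |= r[i].perms;
    return p;
}

/* OR of all permissions that exceed P(S, T); 0 means no hierarchy error. */
static uint32_t hierarchy_violations(const int *bounds,
                                     const struct allow_rule *r, size_t n)
{
    uint32_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        int s = r[i].src, t = r[i].tgt;
        int ps = bounds[s] == NO_BOUNDS ? s : bounds[s];
        int pt = bounds[t] == NO_BOUNDS ? t : bounds[t];
        if (ps != s || pt != t)        /* rules 1-3: at least one side is bounded */
            bad |= r[i].perms & ~perms_of(r, n, ps, pt);   /* rule 4 */
    }
    return bad;
}

/* "typebounds goodbye_world_t hello_world_t;" with one self rule per type. */
static uint32_t check_case(uint32_t parent_perms, uint32_t child_perms)
{
    const int bounds[NTYPES] = { [GOODBYE] = NO_BOUNDS, [HELLO] = GOODBYE };
    const struct allow_rule rules[] = {
        { HELLO, HELLO, child_perms }, { GOODBYE, GOODBYE, parent_perms },
    };
    return hierarchy_violations(bounds, rules, 2);
}

int main(void)
{
    printf("mail case: %#x\n", (unsigned)check_case(F_ALL, F_ALL & ~F_READ));
    printf("swapped:   %#x\n", (unsigned)check_case(F_ALL & ~F_READ, F_ALL));
    return 0;
}
```

The second call swaps the two permission sets, so the bounded type holds `read` while its bounds does not, which is the situation the rules reject.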
