On Tue, 2009-07-07 at 09:48 -0400, Christopher Pardy wrote:
> Currently any changes made to the policy which require committing a handle cause dontaudit rules to be disabled. This is confusing, and frustrating for users who want to edit policy with dontaudit rules turned off. This patch allows semanage to remember the last state of the dontaudit rules and apply them as default whenever a handle is created. Additionally other functions may check for the file semanage creates to determine if dontaudit rules are turned on. This knowledge can be useful for tools like SETroubleshoot which may want to change their behavior depending on the state of the dontaudit rules. In the event that a the file cannot be created the dontaudit rules dont change and errors are set.
>
> Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx>
As before:
1. Move the logic to initialize the flag from semanage_handle_create()
to semanage_direct_connect() after the semanage_access_check() call.
2. Justify why we need to call set_disable_dontaudit_flag() from
semanage_commit() - it should have been initialized upon connect and can
only change upon semanage_set_disable_dontaudit() and thus should
already be correct. If we truly do need it, move to
semanage_direct_commit(), but explain why first please - I don't see the
rationale (better yet, test without it and demonstrate that it doesn't
work otherwise!).
And your coding style isn't quite right - add a space between if and (,
between ) and {, and between { and else in
semanage_set_disable_dontaudit. And no extraneous whitespace in the
patch (you add an extra empty line to semanage_handle_create after
sh->do_reload gets set).
Thanks.
> ---
> libsemanage/include/semanage/handle.h | 8 +++++-
> libsemanage/src/direct_api.c | 40 ++++++++++++++++++++++++++++++++++
> libsemanage/src/direct_api.h | 5 ++++
> libsemanage/src/handle.c | 21 ++++++++++++++++-
> libsemanage/src/libsemanage.map | 2 -
> libsemanage/src/semanage_store.c | 1
> libsemanage/src/semanage_store.h | 1
> 7 files changed, 74 insertions(+), 4 deletions(-)
>
> diff -urpN selinux.orig2/libsemanage/include/semanage/handle.h selinux.orig3/libsemanage/include/semanage/handle.h
> --- selinux.orig2/libsemanage/include/semanage/handle.h 2009-07-01 21:15:17.224235939 -0400
> +++ selinux.orig3/libsemanage/include/semanage/handle.h 2009-07-07 09:37:35.888570766 -0400
> @@ -69,7 +69,13 @@ void semanage_set_rebuild(semanage_handl
> * 1 for yes, 0 for no (default) */
> void semanage_set_create_store(semanage_handle_t * handle, int create_store);
>
> -/* Set whether or not to disable dontaudits upon commit */
> +/*Get whether or not to dontaudits will be disabled upon commit */
> +int semanage_get_disable_dontaudit(semanage_handle_t * handle);
> +
> +/* Set whether or not to disable dontaudits upon commit
> + * Sets errno to 0 if successful. Otherwise sets errno
> + * to any of the errors specified by fopen,fclose, or remove.
> + */
> void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
>
> /* Check whether policy is managed via libsemanage on this system.
> diff -urpN selinux.orig2/libsemanage/src/direct_api.c selinux.orig3/libsemanage/src/direct_api.c
> --- selinux.orig2/libsemanage/src/direct_api.c 2009-07-01 21:15:17.264236347 -0400
> +++ selinux.orig3/libsemanage/src/direct_api.c 2009-07-07 09:19:28.174321784 -0400
> @@ -293,6 +293,46 @@ static int semanage_direct_begintrans(se
> return 0;
> }
>
> +/*********Dont audit functions*************/
> +
> +/* Creates, removes, and tests for the existance of a dont audit flag.
> + */
> +
> +int get_disable_dontaudit_flag(void)
> +{
> + const char *path;
> +
> + path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT);
> + if(access(path,F_OK) == 0)
> + return 1;
> + else
> + return 0;
> +}
> +
> +int set_disable_dontaudit_flag(int setting)
> +{
> + const char *path;
> + int retcode;
> +
> + retcode = 0;
> +
> + path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT);
> + if(setting == 1){
> + FILE *touch;
> + touch = fopen(path,"w");
> + if (touch != NULL)
> + if(fclose(touch) != 0)
> + retcode = -1;
> + else
> + retcode = -1;
> + }else
> + if(remove(path) == -1 && errno != ENOENT)
> + retcode = -1
> +
> + return retcode;
> +}
> +
> +
> /********************* utility functions *********************/
>
> /* Takes a module stored in 'module_data' and parses its headers.
> diff -urpN selinux.orig2/libsemanage/src/direct_api.h selinux.orig3/libsemanage/src/direct_api.h
> --- selinux.orig2/libsemanage/src/direct_api.h 2009-07-01 21:15:17.270235734 -0400
> +++ selinux.orig3/libsemanage/src/direct_api.h 2009-07-07 08:50:24.620326359 -0400
> @@ -39,6 +39,11 @@ int semanage_direct_access_check(struct
>
> int semanage_direct_mls_enabled(struct semanage_handle *sh);
>
> +int get_disable_dontaudit_flag(void);
> +
> +/*returns a 0 on success*/
> +int set_disable_dontaudit_flag(int setting);
> +
> #include <stdio.h>
> #include <unistd.h>
> ssize_t bunzip(FILE *f, char **data);
> diff -urpN selinux.orig2/libsemanage/src/handle.c selinux.orig3/libsemanage/src/handle.c
> --- selinux.orig2/libsemanage/src/handle.c 2009-07-01 21:15:17.288238017 -0400
> +++ selinux.orig3/libsemanage/src/handle.c 2009-07-07 09:44:23.677572218 -0400
> @@ -23,6 +23,7 @@
>
> #include <selinux/selinux.h>
>
> +#include <errno.h>
> #include <stdarg.h>
> #include <assert.h>
> #include <stdlib.h>
> @@ -59,6 +60,9 @@ semanage_handle_t *semanage_handle_creat
> goto err;
> sepol_msg_set_callback(sh->sepolh, semanage_msg_relay_handler, sh);
>
> + /*set the disable dontaudit flag to system defaults*/
> + sepol_set_disable_dontaudit(sh->sepolh,get_disable_dontaudit_flag());
> +
> /* By default do not rebuild the policy on commit
> * If any changes are made, this flag is ignored */
> sh->do_rebuild = 0;
> @@ -66,6 +70,7 @@ semanage_handle_t *semanage_handle_creat
> /* By default always reload policy after commit if SELinux is enabled. */
> sh->do_reload = (is_selinux_enabled() > 0);
>
> +
> /* By default do not create store */
> sh->create_store = 0;
>
> @@ -110,11 +115,22 @@ void semanage_set_create_store(semanage_
> return;
> }
>
> +int semanage_get_disable_dontaudit(semanage_handle_t * sh)
> +{
> + assert(sh != NULL);
> +
> + return sepol_get_disable_dontaudit(sh->sepolh);
> +}
> +
> void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit)
> {
> assert(sh != NULL);
> + if(set_disable_dontaudit_flag(disable_dontaudit) == 0){
> + sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
> + errno = 0;
> + }else
> + ERR(sh,"Could not set disable dontaudit flag of handle.");
>
> - sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
> return;
> }
>
> @@ -264,9 +280,10 @@ int semanage_commit(semanage_handle_t *
> assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL);
> if (!sh->is_in_transaction) {
> ERR(sh,
> - "Will not commit because caller does not have a tranaction lock yet.");
> + "Will not commit because caller does not have a transaction lock yet.");
> return -1;
> }
> + set_disable_dontaudit_flag(sepol_get_disable_dontaudit(sh->sepolh));
> retval = sh->funcs->commit(sh);
> sh->is_in_transaction = 0;
> sh->modules_modified = 0;
> diff -urpN selinux.orig2/libsemanage/src/libsemanage.map selinux.orig3/libsemanage/src/libsemanage.map
> --- selinux.orig2/libsemanage/src/libsemanage.map 2009-07-01 21:15:17.290237650 -0400
> +++ selinux.orig3/libsemanage/src/libsemanage.map 2009-07-06 13:26:53.591167982 -0400
> @@ -15,7 +15,7 @@ LIBSEMANAGE_1.0 {
> semanage_iface_*; semanage_port_*; semanage_context_*;
> semanage_node_*;
> semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
> - semanage_is_connected; semanage_set_disable_dontaudit;
> + semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
> semanage_mls_enabled;
> local: *;
> };
> diff -urpN selinux.orig2/libsemanage/src/semanage_store.c selinux.orig3/libsemanage/src/semanage_store.c
> --- selinux.orig2/libsemanage/src/semanage_store.c 2009-07-01 21:15:17.271236564 -0400
> +++ selinux.orig3/libsemanage/src/semanage_store.c 2009-07-06 13:26:53.598164077 -0400
> @@ -114,6 +114,7 @@ static const char *semanage_sandbox_path
> "/users_extra",
> "/netfilter_contexts",
> "/file_contexts.homedirs",
> + "/disable_dontaudit",
> };
>
> /* A node used in a linked list of file contexts; used for sorting.
> diff -urpN selinux.orig2/libsemanage/src/semanage_store.h selinux.orig3/libsemanage/src/semanage_store.h
> --- selinux.orig2/libsemanage/src/semanage_store.h 2009-07-01 21:15:17.262235597 -0400
> +++ selinux.orig3/libsemanage/src/semanage_store.h 2009-07-06 13:26:53.626166474 -0400
> @@ -58,6 +58,7 @@ enum semanage_sandbox_defs {
> SEMANAGE_USERS_EXTRA,
> SEMANAGE_NC,
> SEMANAGE_FC_HOMEDIRS,
> + SEMANAGE_DISABLE_DONTAUDIT,
> SEMANAGE_STORE_NUM_PATHS
> };
>
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
