RE: [v0 PATCH 2/3] SELinux: Compute role in newcontext for all classes

Hi Stephen,

> Subject: Re: [v0 PATCH 2/3] SELinux: Compute role in newcontext for all classes
> From: sds@xxxxxxxxxxxxx
> To: qingtao.cao@xxxxxxxxxxxxx
> CC: jmorris@xxxxxxxxx; eparis@xxxxxxxxxxxxxx; selinux@xxxxxxxxxxxxx
> Date: Wed, 23 Mar 2011 09:31:52 -0400
>
> On Wed, 2011-03-23 at 10:28 +0800, Harry Ciao wrote:
> > From: Harry Ciao <harrytaurus200@xxxxxxxxxxx>
> >
> > For the process class, the role_trans.type is compared with
> > tcontext->type, that is, the program executable type.
> >
> > For all the rest classes, the role_trans.type is compared with
> > newcontext.type, that is, the type for the newly created object
> > of that class.
>
> I don't understand why you aren't applying the logic consistently for
> all classes. Compare with range_trans handling. Also, if we think
> there will be any significant number of these role_trans rules, you
> might want to go ahead and start using a hashtab as was later done for
> range_trans for efficient lookup.

Suppose we have the role_transition rule below:

role_transition sysadm_r user_home_t : dir sysadm_r;

If roletr->type is compared with newcontext.type, then it means that if sysadm_r is creating a directory object with a type equal to user_home_t, then the directory object will have a role of sysadm_r.

However, if roletr->type is compared with tcontext->type, then the semantics would change so that any object of any class created by sysadm_r in a directory object of the user_home_t type would have its role set to sysadm_r, since in selinux_inode_init_security(), dir->i_security is always passed as tsid.

I guess the former approach could give much more refined control over the objects' role: if objects are of different types, then they could assume different roles, and not all files in one directory would necessarily have to share the same role.

What do you think?

BTW, I came to the idea to use hashtab structure to manage range_tr too, and this could be a separate development activity that I could do later.

Thanks a lot!

Best regards,
Harry

>
> >
> > Signed-off-by: Harry Ciao <qingtao.cao@xxxxxxxxxxxxx>
> > ---
> > security/selinux/ss/services.c | 23 ++++++++++++-----------
> > 1 files changed, 12 insertions(+), 11 deletions(-)
> >
> > diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> > index a03cfaf..01fc3d5 100644
> > --- a/security/selinux/ss/services.c
> > +++ b/security/selinux/ss/services.c
> > @@ -1443,17 +1443,18 @@ static int security_compute_sid(u32 ssid,
> > }
> >
> > /* Check for class-specific changes. */
> > - if (tclass == policydb.process_class) {
> > - if (specified & AVTAB_TRANSITION) ! {
> > - /* Look for a role transition rule. */
> > - for (roletr = policydb.role_tr; roletr;
> > - roletr = roletr->next) {
> > - if (roletr->role == scontext->role &&
> > - roletr->type == tcontext->type) {
> > - /* Use the role transition rule. */
> > - newcontext.role = roletr->new_role;
> > - break;
> > - }
> > + if (specified & AVTAB_TRANSITION) {
> > + /* Look for a role transition rule. */
> > + for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
> > + if ((roletr->role == scontext->role) &&
> > + (roletr->cclass == tclass) &&
> > + ((roletr->cclass == policydb.process_class &&
> > + roletr->type == tcontext->type) ||
> > + (roletr->cclass != policydb.process_cl! ass &&
> > + roletr->type == newcontext.ty pe))){
> > + /* Use the role transition rule. */
> > + newcontext.role = roletr->new_role;
> > + break;
> > }
> > }
> > }
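Review bot: the comparison target is chosen on `roletr->cclass` inside the loop condition, so the same rule list is matched against `tcontext->type` for the process class and against `newcontext.type` for every other class; that is the inconsistency raised above, and for non-process classes it also makes the role transition depend on the type already computed for `newcontext` earlier in `security_compute_sid()`. If the per-class semantics are intended, hoist the choice out of the loop, e.g. `u32 cmp_type = (tclass == policydb.process_class) ? tcontext->type : newcontext.type;` followed by `roletr->type == cmp_type` in the `if`, and explain the reason in the commit message; otherwise compare against one target for all classes, as range_trans does. The closing `))){` also wants a space before the brace, kernel style.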
>
> --
> Stephen Smalley
> National Security Agency
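The two candidate semantics Harry describes for the dir rule above, as an added C model that is not part of the patch or of the kernel: the role, type and class ids, the two-entry rule list and the `compute_role` helper are constructed for illustration, and only the default-role handling mirrors what security_compute_sid() does.

```c
/* Constructed model of the role_transition lookup in security_compute_sid():
 * an illustration written for this thread, not kernel code.  Roles, types
 * and classes are small integers standing in for policydb symbol ids. */
#include <stdio.h>

enum { OBJECT_R = 1, USER_R = 2, SYSADM_R = 3 };
enum { USER_HOME_T = 10, TMP_T = 11, SYSADM_EXEC_T = 12 };
enum { CLASS_PROCESS = 1, CLASS_DIR = 2, CLASS_FILE = 3 };

struct role_trans {
	unsigned role;     /* role of the creating subject */
	unsigned type;     /* type the rule is keyed on */
	unsigned cclass;   /* object class the rule applies to */
	unsigned new_role; /* role assigned when the rule matches */
	const struct role_trans *next;
};

/* Which type a non-process rule's ->type is matched against. */
enum cmp_target { CMP_TCONTEXT_TYPE, CMP_NEWCONTEXT_TYPE };

/* Constructed policy: role_transition user_r sysadm_exec_t : process sysadm_r;
 *                     role_transition sysadm_r user_home_t : dir sysadm_r; */
static const struct role_trans rule_exec = { USER_R, SYSADM_EXEC_T, CLASS_PROCESS, SYSADM_R, NULL };
static const struct role_trans rule_dir = { SYSADM_R, USER_HOME_T, CLASS_DIR, SYSADM_R, &rule_exec };
static const struct role_trans *role_tr = &rule_dir;

/* Returns the role of the new object.  srole: creating subject's role;
 * ttype: type of the related object (the parent directory for inode
 * creation); newtype: the type already computed for the new object.
 * Defaults follow security_compute_sid(): the subject's role for the
 * process class, object_r for everything else.  Process rules always
 * match on ttype, as in the patch; `mode` only affects other classes. */
unsigned compute_role(unsigned srole, unsigned ttype, unsigned tclass,
		      unsigned newtype, enum cmp_target mode)
{
	unsigned cmp = (tclass == CLASS_PROCESS || mode == CMP_TCONTEXT_TYPE) ? ttype : newtype;
	const struct role_trans *tr;

	for (tr = role_tr; tr; tr = tr->next)
		if (tr->role == srole && tr->cclass == tclass && tr->type == cmp)
			return tr->new_role;
	return tclass == CLASS_PROCESS ? srole : OBJECT_R;
}

int main(void)
{
	/* sysadm_r creates a directory typed user_home_t inside a tmp_t directory */
	printf("newcontext.type semantics: role %u\n",
	       compute_role(SYSADM_R, TMP_T, CLASS_DIR, USER_HOME_T, CMP_NEWCONTEXT_TYPE)); /* 3 (sysadm_r) */
	printf("tcontext->type semantics:  role %u\n",
	       compute_role(SYSADM_R, TMP_T, CLASS_DIR, USER_HOME_T, CMP_TCONTEXT_TYPE));   /* 1 (object_r) */
	return 0;
}
```

Swapping the parent and new types in the two calls shows the reverse outcome: the tcontext->type reading labels any dir created inside a user_home_t directory sysadm_r regardless of the new object's own type.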
