On 1/16/20 3:34 PM, Stephen Smalley wrote:
On 1/16/20 3:01 PM, Stephen Smalley wrote:
libsepol carried its own (outdated) copy of flask.h with the generated
security class and initial SID values for use by the policy
compiler and the forked copy of the security server code
leveraged by tools such as audit2why. Convert libsepol and
checkpolicy entirely to looking up class values from the policy,
remove the SECCLASS_* definitions from its flask.h header, and move
the header with its remaining initial SID definitions private to
libsepol. While we are here, fix the sepol_compute_sid() logic to
properly support features long since added to the policy and kernel,
although there are no users of it other than checkpolicy -d (debug)
and it is not exported to users of the shared library. There
are still some residual differences between the kernel logic and
libsepol.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
I see that this fails travis-ci; looks like the problem is that it
trades using hardcoded values for SECCLASS_PROCESS and _DIR and the
PROCESS__TRANSITION/DYNTRANSITION permissions for requiring the strings
to be present in the policy and that isn't true of some test policies.
The kernel does require at least the process class and perms to be
present or it will reject the policy at load time presently (when it was
likewise converted long ago as part of dynamic class/perm support).
Options:
- Weaken the restrictions in libsepol's policydb_read and accept the
fact that the class/perm values may be zero subsequently within libsepol.
- Change the test policies to at least provide this minimal set.
The "dir" class isn't currently mapped at load time by the kernel but it
unmaps it for genfs_sid() matching so it still expects it to be present.
I guess if nothing else it ought to be conditional on
SEPOL_TARGET_SELINUX to avoid breaking Xen policies.
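
The trade-off discussed above, as an added example that is not part of the thread and is not libsepol code: classes are resolved by name at load time, a missing class is a load error only for the SELinux target, and other targets keep a zero value that later comparisons must tolerate. Every type, function and sample policy here is a hypothetical simplified model (`TARGET_*` stands in for `SEPOL_TARGET_*`), and the permission lookups are left out.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model for illustration; these are not libsepol's types. */
enum target { TARGET_SELINUX, TARGET_XEN };   /* stand-in for SEPOL_TARGET_* */
struct class_sym { const char *name; unsigned value; };  /* model: values start at 1 */
struct policy {
    enum target target;
    const struct class_sym *classes;
    size_t nclasses;
    unsigned process_class, dir_class;        /* resolved at load; 0 = absent */
};

/* Look a class up by name; 0 means the policy does not define it. */
static unsigned class_value(const struct policy *p, const char *name)
{
    for (size_t i = 0; i < p->nclasses; i++)
        if (strcmp(p->classes[i].name, name) == 0)
            return p->classes[i].value;
    return 0;
}

/* Resolve the classes by name. Returns -1 (reject) only when an SELinux-target
 * policy lacks them; other targets load and keep 0 for the missing class. */
int resolve_classes(struct policy *p)
{
    p->process_class = class_value(p, "process");
    p->dir_class = class_value(p, "dir");
    if (p->target == TARGET_SELINUX && (!p->process_class || !p->dir_class))
        return -1;
    return 0;
}

/* Comparison that stays safe when the class was never resolved. */
int is_process_class(const struct policy *p, unsigned tclass)
{
    return p->process_class != 0 && tclass == p->process_class;
}

/* Constructed sample policies (class names and values are made up). */
static const struct class_sym full_syms[] = { {"process", 2}, {"dir", 7} };
static const struct class_sym bare_syms[] = { {"file", 1} };
static const struct class_sym xen_syms[]  = { {"xen", 1}, {"domain", 2} };
struct policy sample_selinux = { TARGET_SELINUX, full_syms, 2, 0, 0 };
struct policy sample_bare    = { TARGET_SELINUX, bare_syms, 1, 0, 0 };
struct policy sample_xen     = { TARGET_XEN,     xen_syms,  2, 0, 0 };

int main(void)
{
    int a = resolve_classes(&sample_selinux), b = resolve_classes(&sample_bare);
    printf("selinux=%d bare=%d xen=%d\n", a, b, resolve_classes(&sample_xen));
    return 0;
}
```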