Re: [PATCH userspace 1/2] libsepol: stop translating deprecated intial SIDs to strings


 



James Carter <jwcart2@xxxxxxxxx> writes:

> On Mon, Jun 12, 2023 at 5:50 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>>
>> Many of the initial SIDs are no longer used by the kernel, so
>> translating them to the legacy names doesn't bring much value. Clear the
>> legacy names from the table and let the code translate them to the
>> fallback "unknown" names instead.
>>
>> Note that this only affects the generated text output when converting
>> policies from binary to text form. The text policy languages let the
>> policy define its own names for the initial SIDs based on the order in
>> which they are declared, so the table is never used to convert from name
>> to SID. Thus this is just a cosmetic change and has no functional
>> impact.
>>
>> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
>
> For these two patches:
> Acked-by: James Carter <jwcart2@xxxxxxxxx>

Both merged. Thanks!


>> ---
>>  libsepol/src/kernel_to_cil.c    |  4 ++--
>>  libsepol/src/kernel_to_common.h | 36 ++++++++++++++++-----------------
>>  libsepol/src/kernel_to_conf.c   |  4 ++--
>>  libsepol/src/module_to_cil.c    |  2 +-
>>  4 files changed, 23 insertions(+), 23 deletions(-)
>>
>> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
>> index e9cd89c2..bd04c087 100644
>> --- a/libsepol/src/kernel_to_cil.c
>> +++ b/libsepol/src/kernel_to_cil.c
>> @@ -567,7 +567,7 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
>>
>>         for (isid = isids; isid != NULL; isid = isid->next) {
>>                 i = isid->sid[0];
>> -               if (i < num_sids) {
>> +               if (i < num_sids && sid_to_str[i]) {
>>                         sid = (char *)sid_to_str[i];
>>                 } else {
>>                         snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
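Review bot: The new `i < num_sids && sid_to_str[i]` guard is hand-copied into five sites (this hunk, write_sid_context_rules_to_cil below, both kernel_to_conf.c hunks and ocontext_isid_to_cil in module_to_cil.c), so the NULL-slot convention introduced by this series has to be remembered at every future reader of the table; a small helper in kernel_to_common.h that returns either the table string or the formatted fallback would keep the check in one place. The sites also disagree on how the fallback buffer size is spelled: here and in module_to_cil.c it is the literal `18`, while kernel_to_conf.c uses `sizeof(unknown)`, which cannot drift from the declaration and is the safer form to standardise on. The sketch below assumes the unsigned types already implied by the `%u` format and the `char *` type of `sid` implied by the existing cast; write_sids_to_cil starts and ends outside the hunk.

```c
/* kernel_to_common.h: name for initial SID i, or "UNKNOWN<i>" formatted into buf
 * when i is out of range or its table slot is NULL (deprecated SID). */
static inline char *sid_to_name(const char *const *sid_to_str, unsigned num_sids,
                                unsigned i, char *buf, size_t len)
{
	if (i < num_sids && sid_to_str[i])
		return (char *)sid_to_str[i];
	snprintf(buf, len, "%s%u", "UNKNOWN", i);
	return buf;
}

/* … unchanged: loop header in write_sids_to_cil … */
		i = isid->sid[0];
		sid = sid_to_name(sid_to_str, num_sids, i, unknown, sizeof(unknown));
```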
>> @@ -2577,7 +2577,7 @@ static int write_sid_context_rules_to_cil(FILE *out, struct policydb *pdb, const
>>
>>         for (isid = pdb->ocontexts[0]; isid != NULL; isid = isid->next) {
>>                 i = isid->sid[0];
>> -               if (i < num_sids) {
>> +               if (i < num_sids && sid_to_str[i]) {
>>                         sid = (char *)sid_to_str[i];
>>                 } else {
>>                         snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
>> diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h
>> index 159c4289..6073ff3a 100644
>> --- a/libsepol/src/kernel_to_common.h
>> +++ b/libsepol/src/kernel_to_common.h
>> @@ -13,33 +13,33 @@
>>  // initial sid names aren't actually stored in the pp files, need to a have
>>  // a mapping, taken from the linux kernel
>>  static const char * const selinux_sid_to_str[] = {
>> -       "null",
>> +       NULL,
>>         "kernel",
>>         "security",
>>         "unlabeled",
>> -       "fs",
>> +       NULL,
>>         "file",
>> -       "file_labels",
>> -       "init",
>> +       NULL,
>> +       NULL,
>>         "any_socket",
>>         "port",
>>         "netif",
>>         "netmsg",
>>         "node",
>> -       "igmp_packet",
>> -       "icmp_socket",
>> -       "tcp_socket",
>> -       "sysctl_modprobe",
>> -       "sysctl",
>> -       "sysctl_fs",
>> -       "sysctl_kernel",
>> -       "sysctl_net",
>> -       "sysctl_net_unix",
>> -       "sysctl_vm",
>> -       "sysctl_dev",
>> -       "kmod",
>> -       "policy",
>> -       "scmp_packet",
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>> +       NULL,
>>         "devnull",
>>  };
>>
>> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
>> index c48a7114..3be87184 100644
>> --- a/libsepol/src/kernel_to_conf.c
>> +++ b/libsepol/src/kernel_to_conf.c
>> @@ -464,7 +464,7 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str,
>>
>>         for (isid = isids; isid != NULL; isid = isid->next) {
>>                 i = isid->sid[0];
>> -               if (i < num_sids) {
>> +               if (i < num_sids && sid_to_str[i]) {
>>                         sid = (char *)sid_to_str[i];
>>                 } else {
>>                         snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
>> @@ -2445,7 +2445,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons
>>
>>         for (isid = pdb->ocontexts[0]; isid != NULL; isid = isid->next) {
>>                 i = isid->sid[0];
>> -               if (i < num_sids) {
>> +               if (i < num_sids && sid_to_str[i]) {
>>                         sid = (char *)sid_to_str[i];
>>                 } else {
>>                         snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
>> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
>> index e7bc6ee6..a46775ca 100644
>> --- a/libsepol/src/module_to_cil.c
>> +++ b/libsepol/src/module_to_cil.c
>> @@ -2549,7 +2549,7 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
>>
>>         for (isid = isids; isid != NULL; isid = isid->next) {
>>                 i = isid->sid[0];
>> -               if (i < num_sids) {
>> +               if (i < num_sids && sid_to_string[i]) {
>>                         sid = (char*)sid_to_string[i];
>>                 } else {
>>                         snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
>> --
>> 2.40.1
>>





