From: Mike Palmiotto <mike.palmiotto@crunchydata.com>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@vger.kernel.org
Subject: Re: [PATCH] libselinux: fix string conversion of unknown perms
Date: Tue, 17 Sep 2019 09:20:36 -0400 [thread overview]
Message-ID: <CAMN686GeYV3HcOaUAiu-yg7kiy1ybFCH=6pMG3b5AE_AOutTEA@mail.gmail.com> (raw)
In-Reply-To: <088debd8-0781-99ab-48a9-30bfa2e7a776@tycho.nsa.gov>
On Mon, Sep 16, 2019 at 4:01 PM Stephen Smalley <sds@tycho.nsa.gov> wrote:
>
> On 9/10/19 3:53 PM, Mike Palmiotto wrote:
> > Commit c19395d72295f5e69275d98df5db22dfdf214b6c fixed some handling of unknown
> > classes/permissions, but missed the case where an unknown permission is loaded
> > and then subsequently logged, either via denial or auditallow. If a permission
> > set has some valid values mixed with unknown values, say `{ read write foo }`,
> > a check on `{ read write foo }` would fail to log the entire set.
> >
> > To fix this, skip over the bad permissions/classes when expanding them to
> > strings. The unknowns should be logged during `selinux_set_mapping`, so
> > there is no need for further logging of the actual unknown permissions.
> >
> > Signed-off-by: Mike Palmiotto <mike.palmiotto@crunchydata.com>
> > ---
> > libselinux/src/stringrep.c | 28 ++++++++++++----------------
> > 1 file changed, 12 insertions(+), 16 deletions(-)
> >
> > diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
> > index ad29f76d..85579422 100644
> > --- a/libselinux/src/stringrep.c
> > +++ b/libselinux/src/stringrep.c
> > @@ -276,19 +276,15 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
> > char *ptr;
> >
> > /* first pass computes the required length */
> > - while (tmp) {
> > + for (i = 0; tmp; tmp >>= 1, i++) {
>
> Remove the redundant initialization in the declaration now that you are
> doing it here (which is better, I agree).
>
> > if (tmp & 1) {
> > str = security_av_perm_to_string(tclass, av & (1<<i));
> > - if (str)
> > - len += strlen(str) + 1;
> > - else {
> > - rc = -1;
> > - errno = EINVAL;
> > - goto out;
> > + if (!str) {
> > + continue;
> > }
>
> No need to bracket it when it is a single statement.
>
> > +
> > + len += strlen(str) + 1;
>
> Might be clearer as:
> if (str)
> len += strlen(str) + 1;
> And just let it fall through to the end of the loop otherwise - no need
> for explicit continue here.
>
> > }
> > - tmp >>= 1;
> > - i++;
> > }
> >
> > *res = malloc(len);
> > @@ -298,7 +294,6 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
> > }
> >
> > /* second pass constructs the string */
> > - i = 0;
> > tmp = av;
> > ptr = *res;
> >
> > @@ -308,12 +303,13 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
> > }
> >
> > ptr += sprintf(ptr, "{ ");
> > - while (tmp) {
> > - if (tmp & 1)
> > - ptr += sprintf(ptr, "%s ", security_av_perm_to_string(
> > - tclass, av & (1<<i)));
> > - tmp >>= 1;
> > - i++;
> > + for (i = 0; tmp; tmp >>= 1, i++) {
> > + if (tmp & 1) {
> > + str = security_av_perm_to_string(tclass, av & (1<<i));
> > + if (str) {
> > + ptr += sprintf(ptr, "%s ", str);
> > + }
>
> No need for { } around a single statement.
>
> > + }
> > }
> > sprintf(ptr, "}");
> > out:
> >
>
Thanks for the review. Fixed all of the above in v2.
--
Mike Palmiotto
https://crunchydata.com
prev parent reply other threads:[~2019-09-17 13:20 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-10 19:53 [PATCH] libselinux: fix string conversion of unknown perms Mike Palmiotto
2019-09-16 20:01 ` Stephen Smalley
2019-09-17 13:20 ` Mike Palmiotto [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMN686GeYV3HcOaUAiu-yg7kiy1ybFCH=6pMG3b5AE_AOutTEA@mail.gmail.com' \
--to=mike.palmiotto@crunchydata.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).