* Expunging userspace classes and permissions from kernel headers
From: Stephen Smalley @ 2007-03-22 13:24 UTC (permalink / raw)
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
Hi,
I've seen that there is a branch in refpolicy to experiment with
splitting the flask header generation so that the kernel headers can
omit the userspace classes and permission definitions. What's the
status on getting that merged onto trunk? As soon as possible, we
should get those userspace definitions purged from the kernel headers
upstream so that the kernel will not reject policies at load time if
userspace classes or permission definitions change. This came up
recently with Eamon because he wanted to change the X definitions.
Current kernels will complain if we try to do that, and the situation is
actually made worse by the new validation logic (before we could at
least reboot to force the kernel to accept the new policy; now it checks
even the initial policy load against the generated definitions).
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: Expunging userspace classes and permissions from kernel headers
From: Christopher J. PeBenito @ 2007-03-22 13:46 UTC (permalink / raw)
To: Stephen Smalley
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Thu, 2007-03-22 at 09:24 -0400, Stephen Smalley wrote:
> I've seen that there is a branch in refpolicy to experiment with
> splitting the flask header generation so that the kernel headers can
> omit the userspace classes and permission definitions. What's the
> status on getting that merged onto trunk? As soon as possible, we
> should get those userspace definitions purged from the kernel headers
> upstream so that the kernel will not reject policies at load time if
> userspace classes or permission definitions change. This came up
> recently with Eamon because he wanted to change the X definitions.
> Current kernels will complain if we try to do that, and the situation is
> actually made worse by the new validation logic (before we could at
> least reboot to force the kernel to accept the new policy; now it checks
> even the initial policy load against the generated definitions).
It is ready to be merged, but I thought that the validation logic didn't
handle the placeholders yet. If the headers generated by that refpolicy
branch work as expected, I can merge it right away.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* Re: Expunging userspace classes and permissions from kernel headers
From: Stephen Smalley @ 2007-03-22 13:50 UTC (permalink / raw)
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Thu, 2007-03-22 at 13:46 +0000, Christopher J. PeBenito wrote:
> On Thu, 2007-03-22 at 09:24 -0400, Stephen Smalley wrote:
> > I've seen that there is a branch in refpolicy to experiment with
> > splitting the flask header generation so that the kernel headers can
> > omit the userspace classes and permission definitions. What's the
> > status on getting that merged onto trunk? As soon as possible, we
> > should get those userspace definitions purged from the kernel headers
> > upstream so that the kernel will not reject policies at load time if
> > userspace classes or permission definitions change. This came up
> > recently with Eamon because he wanted to change the X definitions.
> > Current kernels will complain if we try to do that, and the situation is
> > actually made worse by the new validation logic (before we could at
> > least reboot to force the kernel to accept the new policy; now it checks
> > even the initial policy load against the generated definitions).
>
> It is ready to be merged, but I thought that the validation logic didn't
> handle the placeholders yet. If the headers generated by that refpolicy
> branch work as expected, I can merge it right away.
It likely doesn't handle them yet. What are the placeholders? Simply
NULL pointers (easiest to test for) or "null" strings? Seems like
simple NULLs would be best, as long as we alter the code to always test
before dereferencing.
Best thing to do would be to generate the headers from that branch, diff
against the current kernel headers, and post the result so that we can
see if it matches expectations.
--
Stephen Smalley
National Security Agency
* Re: Expunging userspace classes and permissions from kernel headers
From: Christopher J. PeBenito @ 2007-03-22 17:25 UTC (permalink / raw)
To: Stephen Smalley
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Thu, 2007-03-22 at 09:50 -0400, Stephen Smalley wrote:
> On Thu, 2007-03-22 at 13:46 +0000, Christopher J. PeBenito wrote:
> > On Thu, 2007-03-22 at 09:24 -0400, Stephen Smalley wrote:
> > > I've seen that there is a branch in refpolicy to experiment with
> > > splitting the flask header generation so that the kernel headers can
> > > omit the userspace classes and permission definitions. What's the
> > > status on getting that merged onto trunk? As soon as possible, we
> > > should get those userspace definitions purged from the kernel headers
> > > upstream so that the kernel will not reject policies at load time if
> > > userspace classes or permission definitions change. This came up
> > > recently with Eamon because he wanted to change the X definitions.
> > > Current kernels will complain if we try to do that, and the situation is
> > > actually made worse by the new validation logic (before we could at
> > > least reboot to force the kernel to accept the new policy; now it checks
> > > even the initial policy load against the generated definitions).
> >
> > It is ready to be merged, but I thought that the validation logic didn't
> > handle the placeholders yet. If the headers generated by that refpolicy
> > branch work as expected, I can merge it right away.
>
> It likely doesn't handle them yet. What are the placeholders? Simply
> NULL pointers (easiest to test for) or "null" strings? Seems like
> simple NULLs would be best, as long as we alter the code to always test
> before dereferencing.
>
> Best thing to do would be to generate the headers from that branch, diff
> against the current kernel headers, and post the result so that we can
> see if it matches expectations.
See below for the current results, which put "null" for the placeholder.
If NULL is preferred, we can change the placeholder to that. There is a
comment change included; if this is a problem we can undo it. We just
thought it would be clearer to say what can auto generate the files.
diff -ur trunk/policy/flask/av_inherit.h branches/flask-headers-2121/policy/flask/kernel/av_inherit.h
--- trunk/policy/flask/av_inherit.h 2007-03-22 13:11:52.579564785 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/av_inherit.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,4 +1,4 @@
-/* This file is automatically generated. Do not edit. */
+/* This file is automatically generated by Reference Policy. Do not edit. */
S_(SECCLASS_DIR, file, 0x00020000UL)
S_(SECCLASS_FILE, file, 0x00020000UL)
S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
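Review bot: the comment-only change on the first line ("automatically generated by Reference Policy") is a separate logical change from dropping the userspace classes, and the same one-line edit is repeated in every header in this diff; split it into its own patch, and if it stays, point to where Reference Policy lives (a URL) rather than only the project name, since the header is read inside the kernel tree without that context.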
diff -ur trunk/policy/flask/av_perm_to_string.h branches/flask-headers-2121/policy/flask/kernel/av_perm_to_string.h
--- trunk/policy/flask/av_perm_to_string.h 2007-03-22 13:11:52.579564785 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/av_perm_to_string.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,4 +1,4 @@
-/* This file is automatically generated. Do not edit. */
+/* This file is automatically generated by Reference Policy. Do not edit. */
S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
@@ -128,90 +128,6 @@
S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
- S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
- S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
- S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
- S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
- S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
- S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
- S_(SECCLASS_GC, GC__CREATE, "create")
- S_(SECCLASS_GC, GC__FREE, "free")
- S_(SECCLASS_GC, GC__GETATTR, "getattr")
- S_(SECCLASS_GC, GC__SETATTR, "setattr")
- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
- S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
- S_(SECCLASS_FONT, FONT__LOAD, "load")
- S_(SECCLASS_FONT, FONT__FREE, "free")
- S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
- S_(SECCLASS_FONT, FONT__USE, "use")
- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
- S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
- S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
- S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
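Review bot: removing the S_(SECCLASS_PASSWD, ...) through S_(SECCLASS_XEXTENSION, ...) rows outright is the right shape for this table, since it is keyed by (class, permission) and needs no placeholder rows, but the kernel-side validation that walks class_to_string[] and compares each class's permission names against this table has to skip the classes that no longer have rows here; this hunk should land together with that validate_classes() update rather than ahead of it, or the kernel will be checking permission names for classes it has no entries for.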
@@ -232,16 +148,6 @@
S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
- S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
- S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
- S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
- S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
- S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
- S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
- S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
- S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
- S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
- S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
@@ -256,7 +162,5 @@
S_(SECCLASS_KEY, KEY__LINK, "link")
S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
S_(SECCLASS_KEY, KEY__CREATE, "create")
- S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
- S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
diff -ur trunk/policy/flask/av_permissions.h branches/flask-headers-2121/policy/flask/kernel/av_permissions.h
--- trunk/policy/flask/av_permissions.h 2007-03-22 13:11:52.579564785 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/av_permissions.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,4 +1,4 @@
-/* This file is automatically generated. Do not edit. */
+/* This file is automatically generated by Reference Policy. Do not edit. */
#define COMMON_FILE__IOCTL 0x00000001UL
#define COMMON_FILE__READ 0x00000002UL
#define COMMON_FILE__WRITE 0x00000004UL
@@ -529,90 +529,6 @@
#define CAPABILITY__LEASE 0x10000000UL
#define CAPABILITY__AUDIT_WRITE 0x20000000UL
#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
-#define PASSWD__PASSWD 0x00000001UL
-#define PASSWD__CHFN 0x00000002UL
-#define PASSWD__CHSH 0x00000004UL
-#define PASSWD__ROOTOK 0x00000008UL
-#define PASSWD__CRONTAB 0x00000010UL
-#define DRAWABLE__CREATE 0x00000001UL
-#define DRAWABLE__DESTROY 0x00000002UL
-#define DRAWABLE__DRAW 0x00000004UL
-#define DRAWABLE__COPY 0x00000008UL
-#define DRAWABLE__GETATTR 0x00000010UL
-#define GC__CREATE 0x00000001UL
-#define GC__FREE 0x00000002UL
-#define GC__GETATTR 0x00000004UL
-#define GC__SETATTR 0x00000008UL
-#define WINDOW__ADDCHILD 0x00000001UL
-#define WINDOW__CREATE 0x00000002UL
-#define WINDOW__DESTROY 0x00000004UL
-#define WINDOW__MAP 0x00000008UL
-#define WINDOW__UNMAP 0x00000010UL
-#define WINDOW__CHSTACK 0x00000020UL
-#define WINDOW__CHPROPLIST 0x00000040UL
-#define WINDOW__CHPROP 0x00000080UL
-#define WINDOW__LISTPROP 0x00000100UL
-#define WINDOW__GETATTR 0x00000200UL
-#define WINDOW__SETATTR 0x00000400UL
-#define WINDOW__SETFOCUS 0x00000800UL
-#define WINDOW__MOVE 0x00001000UL
-#define WINDOW__CHSELECTION 0x00002000UL
-#define WINDOW__CHPARENT 0x00004000UL
-#define WINDOW__CTRLLIFE 0x00008000UL
-#define WINDOW__ENUMERATE 0x00010000UL
-#define WINDOW__TRANSPARENT 0x00020000UL
-#define WINDOW__MOUSEMOTION 0x00040000UL
-#define WINDOW__CLIENTCOMEVENT 0x00080000UL
-#define WINDOW__INPUTEVENT 0x00100000UL
-#define WINDOW__DRAWEVENT 0x00200000UL
-#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
-#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
-#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
-#define WINDOW__EXTENSIONEVENT 0x02000000UL
-#define FONT__LOAD 0x00000001UL
-#define FONT__FREE 0x00000002UL
-#define FONT__GETATTR 0x00000004UL
-#define FONT__USE 0x00000008UL
-#define COLORMAP__CREATE 0x00000001UL
-#define COLORMAP__FREE 0x00000002UL
-#define COLORMAP__INSTALL 0x00000004UL
-#define COLORMAP__UNINSTALL 0x00000008UL
-#define COLORMAP__LIST 0x00000010UL
-#define COLORMAP__READ 0x00000020UL
-#define COLORMAP__STORE 0x00000040UL
-#define COLORMAP__GETATTR 0x00000080UL
-#define COLORMAP__SETATTR 0x00000100UL
-#define PROPERTY__CREATE 0x00000001UL
-#define PROPERTY__FREE 0x00000002UL
-#define PROPERTY__READ 0x00000004UL
-#define PROPERTY__WRITE 0x00000008UL
-#define CURSOR__CREATE 0x00000001UL
-#define CURSOR__CREATEGLYPH 0x00000002UL
-#define CURSOR__FREE 0x00000004UL
-#define CURSOR__ASSIGN 0x00000008UL
-#define CURSOR__SETATTR 0x00000010UL
-#define XCLIENT__KILL 0x00000001UL
-#define XINPUT__LOOKUP 0x00000001UL
-#define XINPUT__GETATTR 0x00000002UL
-#define XINPUT__SETATTR 0x00000004UL
-#define XINPUT__SETFOCUS 0x00000008UL
-#define XINPUT__WARPPOINTER 0x00000010UL
-#define XINPUT__ACTIVEGRAB 0x00000020UL
-#define XINPUT__PASSIVEGRAB 0x00000040UL
-#define XINPUT__UNGRAB 0x00000080UL
-#define XINPUT__BELL 0x00000100UL
-#define XINPUT__MOUSEMOTION 0x00000200UL
-#define XINPUT__RELABELINPUT 0x00000400UL
-#define XSERVER__SCREENSAVER 0x00000001UL
-#define XSERVER__GETHOSTLIST 0x00000002UL
-#define XSERVER__SETHOSTLIST 0x00000004UL
-#define XSERVER__GETFONTPATH 0x00000008UL
-#define XSERVER__SETFONTPATH 0x00000010UL
-#define XSERVER__GETATTR 0x00000020UL
-#define XSERVER__GRAB 0x00000040UL
-#define XSERVER__UNGRAB 0x00000080UL
-#define XEXTENSION__QUERY 0x00000001UL
-#define XEXTENSION__USE 0x00000002UL
#define PAX__PAGEEXEC 0x00000001UL
#define PAX__EMUTRAMP 0x00000002UL
#define PAX__MPROTECT 0x00000004UL
@@ -831,16 +747,6 @@
#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
-#define DBUS__ACQUIRE_SVC 0x00000001UL
-#define DBUS__SEND_MSG 0x00000002UL
-#define NSCD__GETPWD 0x00000001UL
-#define NSCD__GETGRP 0x00000002UL
-#define NSCD__GETHOST 0x00000004UL
-#define NSCD__GETSTAT 0x00000008UL
-#define NSCD__ADMIN 0x00000010UL
-#define NSCD__SHMEMPWD 0x00000020UL
-#define NSCD__SHMEMGRP 0x00000040UL
-#define NSCD__SHMEMHOST 0x00000080UL
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
#define ASSOCIATION__SETCONTEXT 0x00000004UL
@@ -899,8 +805,6 @@
#define KEY__LINK 0x00000010UL
#define KEY__SETATTR 0x00000020UL
#define KEY__CREATE 0x00000040UL
-#define CONTEXT__TRANSLATE 0x00000001UL
-#define CONTEXT__CONTAINS 0x00000002UL
#define DCCP_SOCKET__IOCTL 0x00000001UL
#define DCCP_SOCKET__READ 0x00000002UL
#define DCCP_SOCKET__WRITE 0x00000004UL
diff -ur trunk/policy/flask/class_to_string.h branches/flask-headers-2121/policy/flask/kernel/class_to_string.h
--- trunk/policy/flask/class_to_string.h 2007-03-22 13:11:52.459557285 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/class_to_string.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,7 +1,6 @@
-/* This file is automatically generated. Do not edit. */
-/*
- * Security object class definitions
- */
+/* This file is automatically generated by Reference Policy. Do not edit. */
+
+/* Security object class definitions */
S_("null")
S_("security")
S_("process")
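Review bot: besides the "by Reference Policy" wording, this hunk also collapses the three-line "Security object class definitions" block comment into a one-liner and inserts a blank line. Neither touches the table; keep both with the comment wording change in the separate cosmetic patch so that the functional hunks below stay minimal and easy to audit.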
@@ -32,18 +31,18 @@
S_("msgq")
S_("shm")
S_("ipc")
- S_("passwd")
- S_("drawable")
- S_("window")
- S_("gc")
- S_("font")
- S_("colormap")
- S_("property")
- S_("cursor")
- S_("xclient")
- S_("xinput")
- S_("xserver")
- S_("xextension")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
+ S_("null")
S_("pax")
S_("netlink_route_socket")
S_("netlink_firewall_socket")
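Review bot: using the string "null" as the placeholder for slots 30-41 is ambiguous: this table already opens with S_("null") for the real null class at index 0, so any code that compares class names can no longer tell a placeholder from that entry, and anything that prints the table will show a dozen classes named "null". A NULL pointer in those slots is unambiguous and costs one pointer test before each dereference, which is the test the kernel's validation loop needs to add for placeholders anyway.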
@@ -54,12 +53,12 @@
S_("netlink_audit_socket")
S_("netlink_ip6fw_socket")
S_("netlink_dnrt_socket")
- S_("dbus")
- S_("nscd")
+ S_("null")
+ S_("null")
S_("association")
S_("netlink_kobject_uevent_socket")
S_("appletalk_socket")
S_("packet")
S_("key")
- S_("context")
+ S_("null")
S_("dccp_socket")
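Review bot: the placeholder count here (two for dbus/nscd at 52-53, one for context at 59) matches the SECCLASS_* values dropped from flask.h later in this diff, so association (54) and dccp_socket (60) keep their indices. Since that alignment is what keeps the kernel's compiled-in class values valid, a generator-side check that class_to_string[] and the SECCLASS_* list stay the same length would catch a future drift between the two files.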
diff -ur trunk/policy/flask/common_perm_to_string.h branches/flask-headers-2121/policy/flask/kernel/common_perm_to_string.h
--- trunk/policy/flask/common_perm_to_string.h 2007-03-22 13:11:52.579564785 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/common_perm_to_string.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,4 +1,4 @@
-/* This file is automatically generated. Do not edit. */
+/* This file is automatically generated by Reference Policy. Do not edit. */
TB_(common_file_perm_to_string)
S_("ioctl")
S_("read")
diff -ur trunk/policy/flask/flask.h branches/flask-headers-2121/policy/flask/kernel/flask.h
--- trunk/policy/flask/flask.h 2007-03-22 13:11:52.459557285 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/flask.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,4 +1,4 @@
-/* This file is automatically generated. Do not edit. */
+/* This file is automatically generated by Reference Policy. Do not edit. */
#ifndef _SELINUX_FLASK_H_
#define _SELINUX_FLASK_H_
@@ -34,18 +34,6 @@
#define SECCLASS_MSGQ 27
#define SECCLASS_SHM 28
#define SECCLASS_IPC 29
-#define SECCLASS_PASSWD 30
-#define SECCLASS_DRAWABLE 31
-#define SECCLASS_WINDOW 32
-#define SECCLASS_GC 33
-#define SECCLASS_FONT 34
-#define SECCLASS_COLORMAP 35
-#define SECCLASS_PROPERTY 36
-#define SECCLASS_CURSOR 37
-#define SECCLASS_XCLIENT 38
-#define SECCLASS_XINPUT 39
-#define SECCLASS_XSERVER 40
-#define SECCLASS_XEXTENSION 41
#define SECCLASS_PAX 42
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
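Review bot: values 30-41 become a silent gap between SECCLASS_IPC 29 and SECCLASS_PAX 42. The gap is intentional, since the class_to_string[] placeholders in this diff occupy those indices, but nothing in the header says so; a generated comment such as "/* 30-41 reserved for userspace object classes */" in that position would stop a reader or a later generator change from "fixing" the numbering and invalidating the class values every built kernel depends on.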
@@ -56,14 +44,11 @@
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
#define SECCLASS_NETLINK_DNRT_SOCKET 51
-#define SECCLASS_DBUS 52
-#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
#define SECCLASS_APPLETALK_SOCKET 56
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
-#define SECCLASS_CONTEXT 59
#define SECCLASS_DCCP_SOCKET 60
/*
diff -ur trunk/policy/flask/initial_sid_to_string.h branches/flask-headers-2121/policy/flask/kernel/initial_sid_to_string.h
--- trunk/policy/flask/initial_sid_to_string.h 2007-03-22 13:11:52.459557285 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/initial_sid_to_string.h 2007-03-22 13:16:30.620941284 -0400
@@ -1,4 +1,4 @@
-/* This file is automatically generated. Do not edit. */
+/* This file is automatically generated by Reference Policy. Do not edit. */
static char *initial_sid_to_string[] =
{
"null",
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* Re: Expunging userspace classes and permissions from kernel headers
From: Stephen Smalley @ 2007-03-22 17:51 UTC (permalink / raw)
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Thu, 2007-03-22 at 17:25 +0000, Christopher J. PeBenito wrote:
> On Thu, 2007-03-22 at 09:50 -0400, Stephen Smalley wrote:
> > On Thu, 2007-03-22 at 13:46 +0000, Christopher J. PeBenito wrote:
> > > On Thu, 2007-03-22 at 09:24 -0400, Stephen Smalley wrote:
> > > > I've seen that there is a branch in refpolicy to experiment with
> > > > splitting the flask header generation so that the kernel headers can
> > > > omit the userspace classes and permission definitions. What's the
> > > > status on getting that merged onto trunk? As soon as possible, we
> > > > should get those userspace definitions purged from the kernel headers
> > > > upstream so that the kernel will not reject policies at load time if
> > > > userspace classes or permission definitions change. This came up
> > > > recently with Eamon because he wanted to change the X definitions.
> > > > Current kernels will complain if we try to do that, and the situation is
> > > > actually made worse by the new validation logic (before we could at
> > > > least reboot to force the kernel to accept the new policy; now it checks
> > > > even the initial policy load against the generated definitions).
> > >
> > > It is ready to be merged, but I thought that the validation logic didn't
> > > handle the placeholders yet. If the headers generated by that refpolicy
> > > branch work as expected, I can merge it right away.
> >
> > It likely doesn't handle them yet. What are the placeholders? Simply
> > NULL pointers (easiest to test for) or "null" strings? Seems like
> > simple NULLs would be best, as long as we alter the code to always test
> > before dereferencing.
> >
> > Best thing to do would be to generate the headers from that branch, diff
> > against the current kernel headers, and post the result so that we can
> > see if it matches expectations.
>
> See below for the current results, which put "null" for the placeholder.
> If NULL is preferred, we can change the placeholder to that. There is a
> comment change included; if this is a problem we can undo it. We just
> thought it would be clearer to say what can auto generate the files.
I think using NULL would be cleaner, and then we can just add a test for
NULL to validate_classes() in ss/services.c. Only other user of
class_to_string[] is avc_dump_query, but that should only be getting
kernel class values; anything else is a bug.
Speaking of unused classes, is anything still using the pax class? That
was for an out-of-tree kernel patch by Joshua for PAX integration IIRC.
As it isn't referenced by the mainline kernel, we could rip it out too
and reuse it later for something else.
As to the comment change, I'm not sure it is useful to just say
"Reference Policy" without giving a pointer to where one can find it
(e.g. URL to oss.tresys.com). I don't have any strong opinion on it,
but typically it would be a separate patch since it is a separate
logical change.
--
Stephen Smalley
National Security Agency
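A worked illustration of the NULL-placeholder approach discussed above (an added example, not kernel or refpolicy code): a shortened, constructed class_to_string[] with NULL slots, a validate_classes()-style check that skips them so a policy may redefine those slots without being rejected, and a count showing why "null" strings would collide with the real null class at index 0. The table indices and the policy contents are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, shortened stand-in for the kernel's class_to_string[] after
 * the userspace-only slots become NULL placeholders (example code, not the
 * kernel's or refpolicy's). Indices are illustrative, not real SECCLASS_* values. */
static const char *const class_to_string[] = {
    "null",     /* 0: the initial "null" class, always present */
    "security", /* 1 */
    "process",  /* 2 */
    "file",     /* 3 */
    NULL,       /* 4: formerly a userspace class such as "window" */
    NULL,       /* 5: formerly a userspace class such as "dbus" */
    "key",      /* 6 */
};
#define NUM_KERNEL_CLASSES (sizeof(class_to_string) / sizeof(class_to_string[0]))

/* The same table with "null" strings as placeholders, for comparison. */
static const char *const string_placeholder_table[] = {
    "null", "security", "process", "file", "null", "null", "key",
};

/* One class as the loaded policy declares it; a class's kernel value is its
 * position in the policy's class ordering. */
struct policy_class {
    const char *name;
    unsigned value;
};

static const struct policy_class *find_policy_class(const struct policy_class *pol,
                                                    size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(pol[i].name, name) == 0)
            return &pol[i];
    return NULL;
}

/* validate_classes()-style check: every class the kernel was compiled against
 * must be declared in the policy with the same value. NULL slots are skipped,
 * so userspace may define anything (or nothing) there without the kernel
 * rejecting the policy at load time. Returns 0 on success, -1 on mismatch. */
int validate_classes(const struct policy_class *pol, size_t n)
{
    for (unsigned i = 1; i < NUM_KERNEL_CLASSES; i++) {
        const char *kname = class_to_string[i];
        const struct policy_class *pc;
        if (!kname) /* placeholder: the kernel has no opinion on this slot */
            continue;
        pc = find_policy_class(pol, n, kname);
        if (!pc) {
            fprintf(stderr, "class %s (%u) not defined in policy\n", kname, i);
            return -1;
        }
        if (pc->value != i) {
            fprintf(stderr, "class %s is %u in policy, kernel expects %u\n",
                    kname, pc->value, i);
            return -1;
        }
    }
    return 0;
}

/* Counts table entries equal to name. With "null" strings as placeholders a
 * by-name lookup cannot tell them from the real null class at index 0; with
 * NULL pointers only index 0 matches and the placeholders need no strcmp. */
size_t count_name_matches(const char *const *table, size_t n, const char *name)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (table[i] && strcmp(table[i], name) == 0)
            hits++;
    return hits;
}

/* Constructed policies: the second renames the classes in the placeholder
 * slots (must be accepted); the third moves a kernel class (must be rejected). */
static const struct policy_class policy_matching[] = {
    {"security", 1}, {"process", 2}, {"file", 3}, {"window", 4}, {"dbus", 5}, {"key", 6},
};
static const struct policy_class policy_userspace_changed[] = {
    {"security", 1}, {"process", 2}, {"file", 3}, {"window2", 4}, {"dbus2", 5}, {"key", 6},
};
static const struct policy_class policy_kernel_class_moved[] = {
    {"security", 1}, {"process", 2}, {"file", 3}, {"window", 4}, {"key", 5}, {"dbus", 6},
};

int main(void)
{
    printf("matching: %d, userspace changed: %d, kernel class moved: %d\n",
           validate_classes(policy_matching, 6),
           validate_classes(policy_userspace_changed, 6),
           validate_classes(policy_kernel_class_moved, 6));
    printf("entries named \"null\": %zu with string placeholders, %zu with NULL\n",
           count_name_matches(string_placeholder_table, 7, "null"),
           count_name_matches(class_to_string, NUM_KERNEL_CLASSES, "null"));
    return 0;
}
```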
* Re: Expunging userspace classes and permissions from kernel headers
From: Christopher J. PeBenito @ 2007-03-23 16:09 UTC (permalink / raw)
To: Stephen Smalley
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Thu, 2007-03-22 at 13:51 -0400, Stephen Smalley wrote:
> On Thu, 2007-03-22 at 17:25 +0000, Christopher J. PeBenito wrote:
> > On Thu, 2007-03-22 at 09:50 -0400, Stephen Smalley wrote:
> > > On Thu, 2007-03-22 at 13:46 +0000, Christopher J. PeBenito wrote:
> > > > On Thu, 2007-03-22 at 09:24 -0400, Stephen Smalley wrote:
> > > > > I've seen that there is a branch in refpolicy to experiment with
> > > > > splitting the flask header generation so that the kernel headers can
> > > > > omit the userspace classes and permission definitions. What's the
> > > > > status on getting that merged onto trunk? As soon as possible, we
> > > > > should get those userspace definitions purged from the kernel headers
> > > > > upstream so that the kernel will not reject policies at load time if
> > > > > userspace classes or permission definitions change. This came up
> > > > > recently with Eamon because he wanted to change the X definitions.
> > > > > Current kernels will complain if we try to do that, and the situation is
> > > > > actually made worse by the new validation logic (before we could at
> > > > > least reboot to force the kernel to accept the new policy; now it checks
> > > > > even the initial policy load against the generated definitions).
> > > >
> > > > It is ready to be merged, but I thought that the validation logic didn't
> > > > handle the placeholders yet. If the headers generated by that refpolicy
> > > > branch work as expected, I can merge it right away.
> > >
> > > It likely doesn't handle them yet. What are the placeholders? Simply
> > > NULL pointers (easiest to test for) or "null" strings? Seems like
> > > simple NULLs would be best, as long as we alter the code to always test
> > > before dereferencing.
> > >
> > > Best thing to do would be to generate the headers from that branch, diff
> > > against the current kernel headers, and post the result so that we can
> > > see if it matches expectations.
> >
> > See below for the current results, which put "null" for the placeholder.
> > If NULL is preferred, we can change the placeholder to that. There is a
> > comment change included; if this is a problem we can undo it. We just
> > thought it would be clearer to say what can auto generate the files.
>
> I think using NULL would be cleaner, and then we can just add a test for
> NULL to validate_classes() in ss/services.s. Only other user of
> class_to_string[] is avc_dump_query, but that should only be getting
> kernel class values; anything else is a bug.
>
> Speaking of unused classes, is anything still using the pax class? That
> was for an out-of-tree kernel patch by Joshua for PAX integration IIRC.
> As it isn't referenced by the mainline kernel, we could rip it out too
> and reuse it later for something else.
We dropped it because of the execmem/mod perms. So I'll mark it as
userland so it comes out of the kernel headers.
> As to the comment change, I'm not sure it is useful to just say
> "Reference Policy" without giving a pointer to where one can find it
> (e.g. URL to oss.tresys.com). I don't have any strong opinion on it,
> but typically it would be a separate patch since it is a separate
> logical change.
I reverted the comment change and changed "null" to NULL. Is this what
you had in mind (it doesn't have the PAX change yet)?
diff -ur trunk/policy/flask/av_perm_to_string.h branches/flask-headers-2121/policy/flask/kernel/av_perm_to_string.h
--- trunk/policy/flask/av_perm_to_string.h 2007-03-22 13:11:52.579564785 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/av_perm_to_string.h 2007-03-23 12:00:42.392357285 -0400
@@ -128,90 +128,6 @@
S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
- S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
- S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
- S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
- S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
- S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
- S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
- S_(SECCLASS_GC, GC__CREATE, "create")
- S_(SECCLASS_GC, GC__FREE, "free")
- S_(SECCLASS_GC, GC__GETATTR, "getattr")
- S_(SECCLASS_GC, GC__SETATTR, "setattr")
- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
- S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
- S_(SECCLASS_FONT, FONT__LOAD, "load")
- S_(SECCLASS_FONT, FONT__FREE, "free")
- S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
- S_(SECCLASS_FONT, FONT__USE, "use")
- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
- S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
- S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
- S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
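Review bot: the three SECCLASS_PAX rows left at the tail of this hunk (pageexec, emutramp, mprotect) will be stale once pax is marked userland as agreed earlier in the thread, so the kernel-side diff should be regenerated after that change so the PAX__ rows and their defines drop out in the same patch; before dropping them, grep the kernel tree for SECCLASS_PAX and PAX__ users to confirm the "not referenced by mainline" claim.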
@@ -232,16 +148,6 @@
S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
- S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
- S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
- S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
- S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
- S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
- S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
- S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
- S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
- S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
- S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
@@ -256,7 +162,5 @@
S_(SECCLASS_KEY, KEY__LINK, "link")
S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
S_(SECCLASS_KEY, KEY__CREATE, "create")
- S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
- S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
diff -ur trunk/policy/flask/av_permissions.h branches/flask-headers-2121/policy/flask/kernel/av_permissions.h
--- trunk/policy/flask/av_permissions.h 2007-03-22 13:11:52.579564785 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/av_permissions.h 2007-03-23 12:00:42.392357285 -0400
@@ -529,90 +529,6 @@
#define CAPABILITY__LEASE 0x10000000UL
#define CAPABILITY__AUDIT_WRITE 0x20000000UL
#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
-#define PASSWD__PASSWD 0x00000001UL
-#define PASSWD__CHFN 0x00000002UL
-#define PASSWD__CHSH 0x00000004UL
-#define PASSWD__ROOTOK 0x00000008UL
-#define PASSWD__CRONTAB 0x00000010UL
-#define DRAWABLE__CREATE 0x00000001UL
-#define DRAWABLE__DESTROY 0x00000002UL
-#define DRAWABLE__DRAW 0x00000004UL
-#define DRAWABLE__COPY 0x00000008UL
-#define DRAWABLE__GETATTR 0x00000010UL
-#define GC__CREATE 0x00000001UL
-#define GC__FREE 0x00000002UL
-#define GC__GETATTR 0x00000004UL
-#define GC__SETATTR 0x00000008UL
-#define WINDOW__ADDCHILD 0x00000001UL
-#define WINDOW__CREATE 0x00000002UL
-#define WINDOW__DESTROY 0x00000004UL
-#define WINDOW__MAP 0x00000008UL
-#define WINDOW__UNMAP 0x00000010UL
-#define WINDOW__CHSTACK 0x00000020UL
-#define WINDOW__CHPROPLIST 0x00000040UL
-#define WINDOW__CHPROP 0x00000080UL
-#define WINDOW__LISTPROP 0x00000100UL
-#define WINDOW__GETATTR 0x00000200UL
-#define WINDOW__SETATTR 0x00000400UL
-#define WINDOW__SETFOCUS 0x00000800UL
-#define WINDOW__MOVE 0x00001000UL
-#define WINDOW__CHSELECTION 0x00002000UL
-#define WINDOW__CHPARENT 0x00004000UL
-#define WINDOW__CTRLLIFE 0x00008000UL
-#define WINDOW__ENUMERATE 0x00010000UL
-#define WINDOW__TRANSPARENT 0x00020000UL
-#define WINDOW__MOUSEMOTION 0x00040000UL
-#define WINDOW__CLIENTCOMEVENT 0x00080000UL
-#define WINDOW__INPUTEVENT 0x00100000UL
-#define WINDOW__DRAWEVENT 0x00200000UL
-#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
-#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
-#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
-#define WINDOW__EXTENSIONEVENT 0x02000000UL
-#define FONT__LOAD 0x00000001UL
-#define FONT__FREE 0x00000002UL
-#define FONT__GETATTR 0x00000004UL
-#define FONT__USE 0x00000008UL
-#define COLORMAP__CREATE 0x00000001UL
-#define COLORMAP__FREE 0x00000002UL
-#define COLORMAP__INSTALL 0x00000004UL
-#define COLORMAP__UNINSTALL 0x00000008UL
-#define COLORMAP__LIST 0x00000010UL
-#define COLORMAP__READ 0x00000020UL
-#define COLORMAP__STORE 0x00000040UL
-#define COLORMAP__GETATTR 0x00000080UL
-#define COLORMAP__SETATTR 0x00000100UL
-#define PROPERTY__CREATE 0x00000001UL
-#define PROPERTY__FREE 0x00000002UL
-#define PROPERTY__READ 0x00000004UL
-#define PROPERTY__WRITE 0x00000008UL
-#define CURSOR__CREATE 0x00000001UL
-#define CURSOR__CREATEGLYPH 0x00000002UL
-#define CURSOR__FREE 0x00000004UL
-#define CURSOR__ASSIGN 0x00000008UL
-#define CURSOR__SETATTR 0x00000010UL
-#define XCLIENT__KILL 0x00000001UL
-#define XINPUT__LOOKUP 0x00000001UL
-#define XINPUT__GETATTR 0x00000002UL
-#define XINPUT__SETATTR 0x00000004UL
-#define XINPUT__SETFOCUS 0x00000008UL
-#define XINPUT__WARPPOINTER 0x00000010UL
-#define XINPUT__ACTIVEGRAB 0x00000020UL
-#define XINPUT__PASSIVEGRAB 0x00000040UL
-#define XINPUT__UNGRAB 0x00000080UL
-#define XINPUT__BELL 0x00000100UL
-#define XINPUT__MOUSEMOTION 0x00000200UL
-#define XINPUT__RELABELINPUT 0x00000400UL
-#define XSERVER__SCREENSAVER 0x00000001UL
-#define XSERVER__GETHOSTLIST 0x00000002UL
-#define XSERVER__SETHOSTLIST 0x00000004UL
-#define XSERVER__GETFONTPATH 0x00000008UL
-#define XSERVER__SETFONTPATH 0x00000010UL
-#define XSERVER__GETATTR 0x00000020UL
-#define XSERVER__GRAB 0x00000040UL
-#define XSERVER__UNGRAB 0x00000080UL
-#define XEXTENSION__QUERY 0x00000001UL
-#define XEXTENSION__USE 0x00000002UL
#define PAX__PAGEEXEC 0x00000001UL
#define PAX__EMUTRAMP 0x00000002UL
#define PAX__MPROTECT 0x00000004UL
@@ -831,16 +747,6 @@
#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
-#define DBUS__ACQUIRE_SVC 0x00000001UL
-#define DBUS__SEND_MSG 0x00000002UL
-#define NSCD__GETPWD 0x00000001UL
-#define NSCD__GETGRP 0x00000002UL
-#define NSCD__GETHOST 0x00000004UL
-#define NSCD__GETSTAT 0x00000008UL
-#define NSCD__ADMIN 0x00000010UL
-#define NSCD__SHMEMPWD 0x00000020UL
-#define NSCD__SHMEMGRP 0x00000040UL
-#define NSCD__SHMEMHOST 0x00000080UL
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
#define ASSOCIATION__SETCONTEXT 0x00000004UL
@@ -899,8 +805,6 @@
#define KEY__LINK 0x00000010UL
#define KEY__SETATTR 0x00000020UL
#define KEY__CREATE 0x00000040UL
-#define CONTEXT__TRANSLATE 0x00000001UL
-#define CONTEXT__CONTAINS 0x00000002UL
#define DCCP_SOCKET__IOCTL 0x00000001UL
#define DCCP_SOCKET__READ 0x00000002UL
#define DCCP_SOCKET__WRITE 0x00000004UL
diff -ur trunk/policy/flask/class_to_string.h branches/flask-headers-2121/policy/flask/kernel/class_to_string.h
--- trunk/policy/flask/class_to_string.h 2007-03-22 13:11:52.459557285 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/class_to_string.h 2007-03-23 12:00:42.392357285 -0400
@@ -2,7 +2,7 @@
/*
* Security object class definitions
*/
- S_("null")
+ S_(NULL)
S_("security")
S_("process")
S_("system")
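Review bot: index 0 changes from the string "null" to a NULL pointer here, so the existing unconditional `class_to_string[tclass]` in avc_dump_query() would pass a NULL to a "%s" conversion for tclass 0; this header must land together with the kernel patch that adds the NULL guards, never ahead of it.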
@@ -32,18 +32,18 @@
S_("msgq")
S_("shm")
S_("ipc")
- S_("passwd")
- S_("drawable")
- S_("window")
- S_("gc")
- S_("font")
- S_("colormap")
- S_("property")
- S_("cursor")
- S_("xclient")
- S_("xinput")
- S_("xserver")
- S_("xextension")
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
S_("pax")
S_("netlink_route_socket")
S_("netlink_firewall_socket")
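Review bot: the placeholders are positional, so the generator has to emit exactly one S_(NULL) per omitted class; here twelve NULLs replace passwd through xextension, matching the twelve SECCLASS_ defines (30 to 41) removed from flask.h, which is what keeps "pax" at 42. It would help anyone reading the kernel header later if the generator emitted the omitted class name as a trailing comment on each placeholder (e.g. `S_(NULL) /* passwd */`), so a hole in the table can be explained without consulting refpolicy.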
@@ -54,12 +54,12 @@
S_("netlink_audit_socket")
S_("netlink_ip6fw_socket")
S_("netlink_dnrt_socket")
- S_("dbus")
- S_("nscd")
+ S_(NULL)
+ S_(NULL)
S_("association")
S_("netlink_kobject_uevent_socket")
S_("appletalk_socket")
S_("packet")
S_("key")
- S_("context")
+ S_(NULL)
S_("dccp_socket")
diff -ur trunk/policy/flask/flask.h branches/flask-headers-2121/policy/flask/kernel/flask.h
--- trunk/policy/flask/flask.h 2007-03-22 13:11:52.459557285 -0400
+++ branches/flask-headers-2121/policy/flask/kernel/flask.h 2007-03-23 12:00:42.392357285 -0400
@@ -34,18 +34,6 @@
#define SECCLASS_MSGQ 27
#define SECCLASS_SHM 28
#define SECCLASS_IPC 29
-#define SECCLASS_PASSWD 30
-#define SECCLASS_DRAWABLE 31
-#define SECCLASS_WINDOW 32
-#define SECCLASS_GC 33
-#define SECCLASS_FONT 34
-#define SECCLASS_COLORMAP 35
-#define SECCLASS_PROPERTY 36
-#define SECCLASS_CURSOR 37
-#define SECCLASS_XCLIENT 38
-#define SECCLASS_XINPUT 39
-#define SECCLASS_XSERVER 40
-#define SECCLASS_XEXTENSION 41
#define SECCLASS_PAX 42
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
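Review bot: with SECCLASS_PASSWD through SECCLASS_XEXTENSION gone, SECCLASS_* values are no longer contiguous (29 jumps to 42). Before this is applied to the kernel tree, grep security/selinux for any remaining use of the removed symbols, and check that no code walks class numbers assuming every index from 1 up to SECCLASS_DCCP_SOCKET names a kernel class; such loops now have to tolerate NULL class_to_string[] entries.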
@@ -56,14 +44,11 @@
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
#define SECCLASS_NETLINK_DNRT_SOCKET 51
-#define SECCLASS_DBUS 52
-#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
#define SECCLASS_APPLETALK_SOCKET 56
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
-#define SECCLASS_CONTEXT 59
#define SECCLASS_DCCP_SOCKET 60
/*
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-23 16:09 ` Christopher J. PeBenito
@ 2007-03-23 16:25 ` Stephen Smalley
2007-03-23 18:34 ` James Morris
` (2 more replies)
0 siblings, 3 replies; 15+ messages in thread
From: Stephen Smalley @ 2007-03-23 16:25 UTC
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> On Thu, 2007-03-22 at 13:51 -0400, Stephen Smalley wrote:
> > On Thu, 2007-03-22 at 17:25 +0000, Christopher J. PeBenito wrote:
> > > On Thu, 2007-03-22 at 09:50 -0400, Stephen Smalley wrote:
> > > > On Thu, 2007-03-22 at 13:46 +0000, Christopher J. PeBenito wrote:
> > > > > On Thu, 2007-03-22 at 09:24 -0400, Stephen Smalley wrote:
> > > > > > I've seen that there is a branch in refpolicy to experiment with
> > > > > > splitting the flask header generation so that the kernel headers can
> > > > > > omit the userspace classes and permission definitions. What's the
> > > > > > status on getting that merged onto trunk? As soon as possible, we
> > > > > > should get those userspace definitions purged from the kernel headers
> > > > > > upstream so that the kernel will not reject policies at load time if
> > > > > > userspace classes or permission definitions change. This came up
> > > > > > recently with Eamon because he wanted to change the X definitions.
> > > > > > Current kernels will complain if we try to do that, and the situation is
> > > > > > actually made worse by the new validation logic (before we could at
> > > > > > least reboot to force the kernel to accept the new policy; now it checks
> > > > > > even the initial policy load against the generated definitions).
> > > > >
> > > > > It is ready to be merged, but I thought that the validation logic didn't
> > > > > handle the placeholders yet. If the headers generated by that refpolicy
> > > > > branch work as expected, I can merge it right away.
> > > >
> > > > It likely doesn't handle them yet. What are the placeholders? Simply
> > > > NULL pointers (easiest to test for) or "null" strings? Seems like
> > > > simple NULLs would be best, as long as we alter the code to always test
> > > > before dereferencing.
> > > >
> > > > Best thing to do would be to generate the headers from that branch, diff
> > > > against the current kernel headers, and post the result so that we can
> > > > see if it matches expectations.
> > >
> > > See below for the current results, which put "null" for the placeholder.
> > > If NULL is preferred, we can change the placeholder to that. There is a
> > > comment change included; if this is a problem we can undo it. We just
> > > thought it would be clearer to say what can auto generate the files.
> >
> > I think using NULL would be cleaner, and then we can just add a test for
> > NULL to validate_classes() in ss/services.c. Only other user of
> > class_to_string[] is avc_dump_query, but that should only be getting
> > kernel class values; anything else is a bug.
> >
> > Speaking of unused classes, is anything still using the pax class? That
> > was for an out-of-tree kernel patch by Joshua for PAX integration IIRC.
> > As it isn't referenced by the mainline kernel, we could rip it out too
> > and reuse it later for something else.
>
> We dropped it because of the execmem/mod perms. So I'll mark it as
> userland so it comes out of the kernel headers.
>
> > As to the comment change, I'm not sure it is useful to just say
> > "Reference Policy" without giving a pointer to where one can find it
> > (e.g. URL to oss.tresys.com). I don't have any strong opinion on it,
> > but typically it would be a separate patch since it is a separate
> > logical change.
>
> I reverted the comment change and changed "null" to NULL. Is this what
> you had in mind (it doesn't have the PAX change yet)?
Yes, looks sane. We would then apply that diff (re-based to the kernel
tree) along with a patch like the following untested one (added a guard
to both avc_dump_query and validate_classes despite my earlier comment).
Look reasonable to others?
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index da8caf1..b25cf18 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -217,7 +217,9 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
audit_log_format(ab, " tcontext=%s", scontext);
kfree(scontext);
}
- audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
+
+ if (tclass && tclass < ARRAY_SIZE(class_to_string))
+ audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
/**
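Review bot: the new guard bounds-checks tclass but never tests class_to_string[tclass] itself, so a userspace placeholder index (a NULL entry) still reaches audit_log_format() as a NULL "%s" argument, and a bad tclass now silently drops the tclass= field from the audit record instead of flagging the bug. Testing the table entry, as in `if (tclass < ARRAY_SIZE(class_to_string) && class_to_string[tclass])`, subsumes the tclass != 0 check since entry 0 is NULL, and the failure path should be loud rather than silent. Separately, the bare `diff --git a/security/selinux/hooks.c` header that follows carries no index line and no hunk and should be dropped from the patch.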
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1e52356..3668f18 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1050,6 +1050,8 @@ static int validate_classes(struct policydb *p)
for (i = 1; i < kdefs->cts_len; i++) {
def_class = kdefs->class_to_string[i];
+ if (!def_class)
+ continue;
if (i > p->p_classes.nprim) {
printk(KERN_INFO
"security: class %s not defined in policy\n",
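Review bot: skipping NULL entries is right for this loop and also keeps the printk below from being handed a NULL def_class, but note the consequence: the policy's class at a placeholder index is no longer checked at all, so a policy may define anything there, including a class with a kernel-looking name, and still load. That is the intent of the change, but any later code in validate_classes() outside this hunk that indexes class_to_string[] by class number needs the same NULL check.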
--
Stephen Smalley
National Security Agency
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-23 16:25 ` Stephen Smalley
@ 2007-03-23 18:34 ` James Morris
2007-03-23 18:41 ` Eric Paris
2007-03-23 19:37 ` Christopher J. PeBenito
2 siblings, 0 replies; 15+ messages in thread
From: James Morris @ 2007-03-23 18:34 UTC
To: Stephen Smalley
Cc: Christopher J. PeBenito, selinux, Eamon Walsh, Eric Paris, Chad Sellers
On Fri, 23 Mar 2007, Stephen Smalley wrote:
> Yes, looks sane. We would then apply that diff (re-based to the kernel
> tree) along with a patch like the following untested one (added a guard
> to both avc_dump_query and validate_classes despite my earlier comment).
> Look reasonable to others?
Yep.
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index da8caf1..b25cf18 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -217,7 +217,9 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
> audit_log_format(ab, " tcontext=%s", scontext);
> kfree(scontext);
> }
> - audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> +
> + if (tclass && tclass < ARRAY_SIZE(class_to_string))
> + audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> }
>
> /**
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 1e52356..3668f18 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -1050,6 +1050,8 @@ static int validate_classes(struct policydb *p)
>
> for (i = 1; i < kdefs->cts_len; i++) {
> def_class = kdefs->class_to_string[i];
> + if (!def_class)
> + continue;
> if (i > p->p_classes.nprim) {
> printk(KERN_INFO
> "security: class %s not defined in policy\n",
>
>
>
--
James Morris
<jmorris@namei.org>
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-23 16:25 ` Stephen Smalley
2007-03-23 18:34 ` James Morris
@ 2007-03-23 18:41 ` Eric Paris
2007-03-23 18:50 ` Stephen Smalley
2007-03-23 19:37 ` Christopher J. PeBenito
2 siblings, 1 reply; 15+ messages in thread
From: Eric Paris @ 2007-03-23 18:41 UTC
To: Stephen Smalley
Cc: Christopher J. PeBenito, selinux, Eamon Walsh, James Morris,
Chad Sellers
On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > I reverted the comment change and changed "null" to NULL. Is this what
> > you had in mind (it doesn't have the PAX change yet)?
>
> Yes, looks sane. We would then apply that diff (re-based to the kernel
> tree) along with a patch like the following untested one (added a guard
> to both avc_dump_query and validate_classes despite my earlier comment).
> Look reasonable to others?
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index da8caf1..b25cf18 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -217,7 +217,9 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
> audit_log_format(ab, " tcontext=%s", scontext);
> kfree(scontext);
> }
> - audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> +
> + if (tclass && tclass < ARRAY_SIZE(class_to_string))
> + audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> }
I don't see how this causes any harm. Can we count on audit_log_format
handling a null pointer for the %s correctly? If we are going to work
under the assumption that bad tclass values might get in here we don't
know if we are going to hit a hole in the class table. Maybe we'd
rather have
    if (tclass && tclass < ARRAY_SIZE(class_to_string) && class_to_string[tclass])
        audit_log_format......
    else
        printk(KERN_ERR "attempting to log a non-kernel class definition %d\n", tclass);
so we at least know when something is getting through....
>
> /**
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 1e52356..3668f18 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -1050,6 +1050,8 @@ static int validate_classes(struct policydb *p)
>
> for (i = 1; i < kdefs->cts_len; i++) {
> def_class = kdefs->class_to_string[i];
> + if (!def_class)
> + continue;
> if (i > p->p_classes.nprim) {
> printk(KERN_INFO
> "security: class %s not defined in policy\n",
>
>
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-23 18:41 ` Eric Paris
@ 2007-03-23 18:50 ` Stephen Smalley
0 siblings, 0 replies; 15+ messages in thread
From: Stephen Smalley @ 2007-03-23 18:50 UTC
To: Eric Paris
Cc: Christopher J. PeBenito, selinux, Eamon Walsh, James Morris,
Chad Sellers
On Fri, 2007-03-23 at 14:41 -0400, Eric Paris wrote:
> On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> > On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > > I reverted the comment change and changed "null" to NULL. Is this what
> > > you had in mind (it doesn't have the PAX change yet)?
> >
> > Yes, looks sane. We would then apply that diff (re-based to the kernel
> > tree) along with a patch like the following untested one (added a guard
> > to both avc_dump_query and validate_classes despite my earlier comment).
> > Look reasonable to others?
> >
> > diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> > index da8caf1..b25cf18 100644
> > --- a/security/selinux/avc.c
> > +++ b/security/selinux/avc.c
> > @@ -217,7 +217,9 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
> > audit_log_format(ab, " tcontext=%s", scontext);
> > kfree(scontext);
> > }
> > - audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> > +
> > + if (tclass && tclass < ARRAY_SIZE(class_to_string))
> > + audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> > }
>
> I don't see how this causes any harm. Can we count on audit_log_format
> handleing a null pointer for the %s correctly? If we are going to work
> under the assumption that bad tclass values might get in here we don't
> know if we are going to hit a hole in the class table. Maybe we'd
> rather have
>
> if (tclass) && tclass < ARRAY_SIZE && class_to_string[tclass]
> audit_log_format......
> else
> printk(KERN_ERR "attempting to log a non-kernel class definition %d\n", tclass);
>
> so we at least know when something is getting through....
Testing class_to_string[tclass] will also catch the tclass == 0 case, so
we could drop the first test then, and further, as avc_dump_query should
only ever be passed a kernel class, we can make it a BUG_ON, as below.
Inserting a printk there would be a bit confusing when auditd is
disabled - it would interleave with the avc message.
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index da8caf1..e4396a8 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -217,6 +217,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
audit_log_format(ab, " tcontext=%s", scontext);
kfree(scontext);
}
+
+ BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
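Review bot: BUG_ON() here turns a bad or placeholder tclass into a kernel panic from inside the audit path. That is defensible given avc_dump_query() is only reached with compile-time SECCLASS_* constants, but a WARN_ON() followed by logging the class number would keep the machine up while still making the bug visible in dmesg; either way the condition correctly subsumes the earlier tclass != 0 test, since class_to_string[0] is now NULL.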
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1e52356..3668f18 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1050,6 +1050,8 @@ static int validate_classes(struct policydb *p)
for (i = 1; i < kdefs->cts_len; i++) {
def_class = kdefs->class_to_string[i];
+ if (!def_class)
+ continue;
if (i > p->p_classes.nprim) {
printk(KERN_INFO
"security: class %s not defined in policy\n",
--
Stephen Smalley
National Security Agency
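The placeholder scheme from Chris's class_to_string.h diff and the guards Stephen and Eric discuss above, as an added C example that is not kernel or refpolicy code: it models a shortened class_to_string[] before and after the change, a validate_classes()-style loop that skips NULL entries, and a NULL-safe lookup for the audit path. The class numbers, table contents, policy name lists and the helper names validate_classes_against(), validate_classes_old(), kernel_class_name() and format_tclass() are all constructed for the example; the real tables have 60 entries and the real validate_classes() also checks permissions.

```c
/* Added example, not kernel or refpolicy code: a userspace model of the
 * class_to_string[] placeholder scheme from this thread; everything here is
 * constructed and shortened (the real tables have 60 entries). */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Kernel table before the change: every class, kernel or userspace, is
 * named (indices 4 and 5 stand in for passwd and drawable). */
static const char *const old_class_to_string[] = {
	NULL, "security", "process", "ipc", "passwd", "drawable", "pax", "key",
};

/* Kernel table after the change: the userspace slots become NULL
 * placeholders, so "pax" and "key" keep their numbers. */
static const char *const class_to_string[] = {
	NULL, "security", "process", "ipc", NULL, NULL, "pax", "key",
};

/* Stand-in for the policydb class symbol table: classes[i] names class
 * number i (classes[0] unused), nprim is how many classes the policy has. */
struct policydb {
	const char *const *classes;
	size_t nprim;
};

/* Class half of validate_classes() (the real one also checks permissions):
 * each named kernel entry must appear in the policy at the same index with
 * the same name; NULL entries are skipped, so the policy may put anything
 * there. Returns 0 or -EINVAL, as the kernel's policy load path does. */
int validate_classes_against(const char *const *table, size_t cts_len,
			     const struct policydb *p)
{
	size_t i;

	for (i = 1; i < cts_len; i++) {
		const char *def_class = table[i];

		if (!def_class)
			continue;
		if (i > p->nprim) {
			fprintf(stderr, "security: class %s not defined in policy\n",
				def_class);
			return -EINVAL;
		}
		if (strcmp(def_class, p->classes[i]) != 0) {
			fprintf(stderr, "security: class %s defined in policy as %s\n",
				def_class, p->classes[i]);
			return -EINVAL;
		}
	}
	return 0;
}

int validate_classes_old(const struct policydb *p)
{
	return validate_classes_against(old_class_to_string,
					ARRAY_SIZE(old_class_to_string), p);
}

int validate_classes(const struct policydb *p)
{
	return validate_classes_against(class_to_string,
					ARRAY_SIZE(class_to_string), p);
}

/* Lookup for the avc_dump_query() path: bounds-check first; index 0 and the
 * placeholders come back as NULL rather than being handed to a "%s". */
const char *kernel_class_name(unsigned tclass)
{
	if (tclass >= ARRAY_SIZE(class_to_string))
		return NULL;
	return class_to_string[tclass];
}

/* Builds the " tclass=" fragment of an AVC record; a class the kernel cannot
 * name is reported by number. Returns the length as snprintf() does. */
int format_tclass(char *buf, size_t len, unsigned tclass)
{
	const char *name = kernel_class_name(tclass);

	if (name)
		return snprintf(buf, len, " tclass=%s", name);
	return snprintf(buf, len, " tclass=<unknown %u>", tclass);
}

/* Constructed sample policies (index 0 unused, as in the policydb). */
static const char *const p_same[] = { NULL, "security", "process", "ipc", "passwd", "drawable", "pax", "key" };
static const char *const p_xchanged[] = { NULL, "security", "process", "ipc", "x_drawable", "x_client", "pax", "key" };
static const char *const p_renamed[] = { NULL, "security", "proc", "ipc", "passwd", "drawable", "pax", "key" };
static const char *const p_short[] = { NULL, "security", "process", "ipc", "passwd", "drawable" };
const struct policydb POLICY_SAME = { p_same, ARRAY_SIZE(p_same) - 1 };
const struct policydb POLICY_XCHANGED = { p_xchanged, ARRAY_SIZE(p_xchanged) - 1 };
const struct policydb POLICY_RENAMED = { p_renamed, ARRAY_SIZE(p_renamed) - 1 };
const struct policydb POLICY_SHORT = { p_short, ARRAY_SIZE(p_short) - 1 };
```

The pair that matters is validate_classes_old(&POLICY_XCHANGED), which fails with -EINVAL because the old table insists on "passwd" at index 4, against validate_classes(&POLICY_XCHANGED), which loads the same policy because index 4 is now a placeholder; a renamed kernel class (POLICY_RENAMED) or a policy too short to contain pax and key (POLICY_SHORT) is still rejected. kernel_class_name() returns NULL for index 0, for a placeholder and for an out-of-range value, which is the test the audit path has to make before it formats the name.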
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-23 16:25 ` Stephen Smalley
2007-03-23 18:34 ` James Morris
2007-03-23 18:41 ` Eric Paris
@ 2007-03-23 19:37 ` Christopher J. PeBenito
2007-03-26 15:23 ` Stephen Smalley
2 siblings, 1 reply; 15+ messages in thread
From: Christopher J. PeBenito @ 2007-03-23 19:37 UTC
To: Stephen Smalley
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > I reverted the comment change and changed "null" to NULL. Is this what
> > you had in mind (it doesn't have the PAX change yet)?
>
> Yes, looks sane. We would then apply that diff (re-based to the kernel
> tree) along with a patch like the following untested one (added a guard
> to both avc_dump_query and validate_classes despite my earlier comment).
I have merged this into trunk and marked pax as userland so it can be
reclaimed.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-23 19:37 ` Christopher J. PeBenito
@ 2007-03-26 15:23 ` Stephen Smalley
2007-03-26 17:40 ` Stephen Smalley
0 siblings, 1 reply; 15+ messages in thread
From: Stephen Smalley @ 2007-03-26 15:23 UTC
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Fri, 2007-03-23 at 15:37 -0400, Christopher J. PeBenito wrote:
> On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> > On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > > I reverted the comment change and changed "null" to NULL. Is this what
> > > you had in mind (it doesn't have the PAX change yet)?
> >
> > Yes, looks sane. We would then apply that diff (re-based to the kernel
> > tree) along with a patch like the following untested one (added a guard
> > to both avc_dump_query and validate_classes despite my earlier comment).
>
> I have merged this into trunk and marked pax as userland so it can be
> reclaimed.
Thanks. Combining the resulting diff of the generated headers and my
patch to add guards for the NULL values, the overall patch is as follows
(still building, not yet tested).
[patch 1/1] selinux: remove userland class and permission definitions from the kernel
Remove userland security classes and permissions from the kernel.
---
security/selinux/avc.c | 2
security/selinux/include/av_perm_to_string.h | 102 ---------------
security/selinux/include/av_permissions.h | 179 ---------------------------
security/selinux/include/class_to_string.h | 34 ++---
security/selinux/include/flask.h | 16 --
security/selinux/ss/services.c | 2
6 files changed, 21 insertions(+), 314 deletions(-)
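Review bot: the diffstat lists six files, but the patch body also carries bare `diff --git` headers for security/selinux/hooks.c and security/selinux/include/av_inherit.h with no index line and no hunks; those are leftovers from the tree the diff was taken from and should be stripped before the patch goes upstream, so that the stat and the body agree.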
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index da8caf1..e4396a8 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -217,6 +217,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
audit_log_format(ab, " tcontext=%s", scontext);
kfree(scontext);
}
+
+ BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index ad9fb2d..b83e740 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -128,96 +128,6 @@
S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
- S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
- S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
- S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
- S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
- S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
- S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
- S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
- S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
- S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
- S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
- S_(SECCLASS_GC, GC__CREATE, "create")
- S_(SECCLASS_GC, GC__FREE, "free")
- S_(SECCLASS_GC, GC__GETATTR, "getattr")
- S_(SECCLASS_GC, GC__SETATTR, "setattr")
- S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
- S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
- S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
- S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
- S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
- S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
- S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
- S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
- S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
- S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
- S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
- S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
- S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
- S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
- S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
- S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
- S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
- S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
- S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
- S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
- S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
- S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
- S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
- S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
- S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
- S_(SECCLASS_FONT, FONT__LOAD, "load")
- S_(SECCLASS_FONT, FONT__FREE, "free")
- S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
- S_(SECCLASS_FONT, FONT__USE, "use")
- S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
- S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
- S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
- S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
- S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
- S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
- S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
- S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
- S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
- S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
- S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
- S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
- S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
- S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
- S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
- S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
- S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
- S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
- S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
- S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
- S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
- S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
- S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
- S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
- S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
- S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
- S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
- S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
- S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
- S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
- S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
- S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
- S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
- S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
- S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
- S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
- S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
- S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
- S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
- S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
- S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
- S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
- S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
- S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
- S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
- S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
@@ -232,16 +142,6 @@
S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
- S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
- S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
- S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
- S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
- S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
- S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
- S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
- S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
- S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
- S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
@@ -256,7 +156,5 @@
S_(SECCLASS_KEY, KEY__LINK, "link")
S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
S_(SECCLASS_KEY, KEY__CREATE, "create")
- S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
- S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
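Review bot: these three hunks are generated output (the S_() tables come from the flask definitions), so the commit message should say so and name the refpolicy revision the headers were regenerated from; otherwise a reviewer cannot separate hand edits from generator output, and the next regeneration may not reproduce this table. The surviving entries still reference SECCLASS_NETLINK_*, SECCLASS_ASSOCIATION, SECCLASS_KEY and SECCLASS_DCCP_SOCKET, which only stays consistent because the flask.h change below leaves their numbers untouched; that dependency is worth one sentence in the description.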
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index 2de4b5f..5fee173 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -16,7 +16,6 @@
#define COMMON_FILE__SWAPON 0x00004000UL
#define COMMON_FILE__QUOTAON 0x00008000UL
#define COMMON_FILE__MOUNTON 0x00010000UL
-
#define COMMON_SOCKET__IOCTL 0x00000001UL
#define COMMON_SOCKET__READ 0x00000002UL
#define COMMON_SOCKET__WRITE 0x00000004UL
@@ -39,7 +38,6 @@
#define COMMON_SOCKET__RECV_MSG 0x00080000UL
#define COMMON_SOCKET__SEND_MSG 0x00100000UL
#define COMMON_SOCKET__NAME_BIND 0x00200000UL
-
#define COMMON_IPC__CREATE 0x00000001UL
#define COMMON_IPC__DESTROY 0x00000002UL
#define COMMON_IPC__GETATTR 0x00000004UL
@@ -49,7 +47,6 @@
#define COMMON_IPC__ASSOCIATE 0x00000040UL
#define COMMON_IPC__UNIX_READ 0x00000080UL
#define COMMON_IPC__UNIX_WRITE 0x00000100UL
-
#define FILESYSTEM__MOUNT 0x00000001UL
#define FILESYSTEM__REMOUNT 0x00000002UL
#define FILESYSTEM__UNMOUNT 0x00000004UL
@@ -60,7 +57,6 @@
#define FILESYSTEM__ASSOCIATE 0x00000080UL
#define FILESYSTEM__QUOTAMOD 0x00000100UL
#define FILESYSTEM__QUOTAGET 0x00000200UL
-
#define DIR__IOCTL 0x00000001UL
#define DIR__READ 0x00000002UL
#define DIR__WRITE 0x00000004UL
@@ -78,13 +74,11 @@
#define DIR__SWAPON 0x00004000UL
#define DIR__QUOTAON 0x00008000UL
#define DIR__MOUNTON 0x00010000UL
-
#define DIR__ADD_NAME 0x00020000UL
#define DIR__REMOVE_NAME 0x00040000UL
#define DIR__REPARENT 0x00080000UL
#define DIR__SEARCH 0x00100000UL
#define DIR__RMDIR 0x00200000UL
-
#define FILE__IOCTL 0x00000001UL
#define FILE__READ 0x00000002UL
#define FILE__WRITE 0x00000004UL
@@ -102,11 +96,9 @@
#define FILE__SWAPON 0x00004000UL
#define FILE__QUOTAON 0x00008000UL
#define FILE__MOUNTON 0x00010000UL
-
#define FILE__EXECUTE_NO_TRANS 0x00020000UL
#define FILE__ENTRYPOINT 0x00040000UL
#define FILE__EXECMOD 0x00080000UL
-
#define LNK_FILE__IOCTL 0x00000001UL
#define LNK_FILE__READ 0x00000002UL
#define LNK_FILE__WRITE 0x00000004UL
@@ -124,7 +116,6 @@
#define LNK_FILE__SWAPON 0x00004000UL
#define LNK_FILE__QUOTAON 0x00008000UL
#define LNK_FILE__MOUNTON 0x00010000UL
-
#define CHR_FILE__IOCTL 0x00000001UL
#define CHR_FILE__READ 0x00000002UL
#define CHR_FILE__WRITE 0x00000004UL
@@ -142,11 +133,9 @@
#define CHR_FILE__SWAPON 0x00004000UL
#define CHR_FILE__QUOTAON 0x00008000UL
#define CHR_FILE__MOUNTON 0x00010000UL
-
#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
#define CHR_FILE__ENTRYPOINT 0x00040000UL
#define CHR_FILE__EXECMOD 0x00080000UL
-
#define BLK_FILE__IOCTL 0x00000001UL
#define BLK_FILE__READ 0x00000002UL
#define BLK_FILE__WRITE 0x00000004UL
@@ -164,7 +153,6 @@
#define BLK_FILE__SWAPON 0x00004000UL
#define BLK_FILE__QUOTAON 0x00008000UL
#define BLK_FILE__MOUNTON 0x00010000UL
-
#define SOCK_FILE__IOCTL 0x00000001UL
#define SOCK_FILE__READ 0x00000002UL
#define SOCK_FILE__WRITE 0x00000004UL
@@ -182,7 +170,6 @@
#define SOCK_FILE__SWAPON 0x00004000UL
#define SOCK_FILE__QUOTAON 0x00008000UL
#define SOCK_FILE__MOUNTON 0x00010000UL
-
#define FIFO_FILE__IOCTL 0x00000001UL
#define FIFO_FILE__READ 0x00000002UL
#define FIFO_FILE__WRITE 0x00000004UL
@@ -200,9 +187,7 @@
#define FIFO_FILE__SWAPON 0x00004000UL
#define FIFO_FILE__QUOTAON 0x00008000UL
#define FIFO_FILE__MOUNTON 0x00010000UL
-
#define FD__USE 0x00000001UL
-
#define SOCKET__IOCTL 0x00000001UL
#define SOCKET__READ 0x00000002UL
#define SOCKET__WRITE 0x00000004UL
@@ -225,7 +210,6 @@
#define SOCKET__RECV_MSG 0x00080000UL
#define SOCKET__SEND_MSG 0x00100000UL
#define SOCKET__NAME_BIND 0x00200000UL
-
#define TCP_SOCKET__IOCTL 0x00000001UL
#define TCP_SOCKET__READ 0x00000002UL
#define TCP_SOCKET__WRITE 0x00000004UL
@@ -248,13 +232,11 @@
#define TCP_SOCKET__RECV_MSG 0x00080000UL
#define TCP_SOCKET__SEND_MSG 0x00100000UL
#define TCP_SOCKET__NAME_BIND 0x00200000UL
-
#define TCP_SOCKET__CONNECTTO 0x00400000UL
#define TCP_SOCKET__NEWCONN 0x00800000UL
#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
#define TCP_SOCKET__NODE_BIND 0x02000000UL
#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
-
#define UDP_SOCKET__IOCTL 0x00000001UL
#define UDP_SOCKET__READ 0x00000002UL
#define UDP_SOCKET__WRITE 0x00000004UL
@@ -277,9 +259,7 @@
#define UDP_SOCKET__RECV_MSG 0x00080000UL
#define UDP_SOCKET__SEND_MSG 0x00100000UL
#define UDP_SOCKET__NAME_BIND 0x00200000UL
-
#define UDP_SOCKET__NODE_BIND 0x00400000UL
-
#define RAWIP_SOCKET__IOCTL 0x00000001UL
#define RAWIP_SOCKET__READ 0x00000002UL
#define RAWIP_SOCKET__WRITE 0x00000004UL
@@ -302,9 +282,7 @@
#define RAWIP_SOCKET__RECV_MSG 0x00080000UL
#define RAWIP_SOCKET__SEND_MSG 0x00100000UL
#define RAWIP_SOCKET__NAME_BIND 0x00200000UL
-
#define RAWIP_SOCKET__NODE_BIND 0x00400000UL
-
#define NODE__TCP_RECV 0x00000001UL
#define NODE__TCP_SEND 0x00000002UL
#define NODE__UDP_RECV 0x00000004UL
@@ -314,7 +292,6 @@
#define NODE__ENFORCE_DEST 0x00000040UL
#define NODE__DCCP_RECV 0x00000080UL
#define NODE__DCCP_SEND 0x00000100UL
-
#define NETIF__TCP_RECV 0x00000001UL
#define NETIF__TCP_SEND 0x00000002UL
#define NETIF__UDP_RECV 0x00000004UL
@@ -323,7 +300,6 @@
#define NETIF__RAWIP_SEND 0x00000020UL
#define NETIF__DCCP_RECV 0x00000040UL
#define NETIF__DCCP_SEND 0x00000080UL
-
#define NETLINK_SOCKET__IOCTL 0x00000001UL
#define NETLINK_SOCKET__READ 0x00000002UL
#define NETLINK_SOCKET__WRITE 0x00000004UL
@@ -346,7 +322,6 @@
#define NETLINK_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_SOCKET__NAME_BIND 0x00200000UL
-
#define PACKET_SOCKET__IOCTL 0x00000001UL
#define PACKET_SOCKET__READ 0x00000002UL
#define PACKET_SOCKET__WRITE 0x00000004UL
@@ -369,7 +344,6 @@
#define PACKET_SOCKET__RECV_MSG 0x00080000UL
#define PACKET_SOCKET__SEND_MSG 0x00100000UL
#define PACKET_SOCKET__NAME_BIND 0x00200000UL
-
#define KEY_SOCKET__IOCTL 0x00000001UL
#define KEY_SOCKET__READ 0x00000002UL
#define KEY_SOCKET__WRITE 0x00000004UL
@@ -392,7 +366,6 @@
#define KEY_SOCKET__RECV_MSG 0x00080000UL
#define KEY_SOCKET__SEND_MSG 0x00100000UL
#define KEY_SOCKET__NAME_BIND 0x00200000UL
-
#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
#define UNIX_STREAM_SOCKET__READ 0x00000002UL
#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
@@ -415,11 +388,9 @@
#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
-
#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
-
#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
#define UNIX_DGRAM_SOCKET__READ 0x00000002UL
#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
@@ -442,7 +413,6 @@
#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
-
#define PROCESS__FORK 0x00000001UL
#define PROCESS__TRANSITION 0x00000002UL
#define PROCESS__SIGCHLD 0x00000004UL
@@ -473,7 +443,6 @@
#define PROCESS__EXECHEAP 0x08000000UL
#define PROCESS__SETKEYCREATE 0x10000000UL
#define PROCESS__SETSOCKCREATE 0x20000000UL
-
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
#define IPC__GETATTR 0x00000004UL
@@ -483,7 +452,6 @@
#define IPC__ASSOCIATE 0x00000040UL
#define IPC__UNIX_READ 0x00000080UL
#define IPC__UNIX_WRITE 0x00000100UL
-
#define SEM__CREATE 0x00000001UL
#define SEM__DESTROY 0x00000002UL
#define SEM__GETATTR 0x00000004UL
@@ -493,7 +461,6 @@
#define SEM__ASSOCIATE 0x00000040UL
#define SEM__UNIX_READ 0x00000080UL
#define SEM__UNIX_WRITE 0x00000100UL
-
#define MSGQ__CREATE 0x00000001UL
#define MSGQ__DESTROY 0x00000002UL
#define MSGQ__GETATTR 0x00000004UL
@@ -503,12 +470,9 @@
#define MSGQ__ASSOCIATE 0x00000040UL
#define MSGQ__UNIX_READ 0x00000080UL
#define MSGQ__UNIX_WRITE 0x00000100UL
-
#define MSGQ__ENQUEUE 0x00000200UL
-
#define MSG__SEND 0x00000001UL
#define MSG__RECEIVE 0x00000002UL
-
#define SHM__CREATE 0x00000001UL
#define SHM__DESTROY 0x00000002UL
#define SHM__GETATTR 0x00000004UL
@@ -518,9 +482,7 @@
#define SHM__ASSOCIATE 0x00000040UL
#define SHM__UNIX_READ 0x00000080UL
#define SHM__UNIX_WRITE 0x00000100UL
-
#define SHM__LOCK 0x00000200UL
-
#define SECURITY__COMPUTE_AV 0x00000001UL
#define SECURITY__COMPUTE_CREATE 0x00000002UL
#define SECURITY__COMPUTE_MEMBER 0x00000004UL
@@ -532,12 +494,10 @@
#define SECURITY__SETBOOL 0x00000100UL
#define SECURITY__SETSECPARAM 0x00000200UL
#define SECURITY__SETCHECKREQPROT 0x00000400UL
-
#define SYSTEM__IPC_INFO 0x00000001UL
#define SYSTEM__SYSLOG_READ 0x00000002UL
#define SYSTEM__SYSLOG_MOD 0x00000004UL
#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
-
#define CAPABILITY__CHOWN 0x00000001UL
#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
@@ -569,110 +529,6 @@
#define CAPABILITY__LEASE 0x10000000UL
#define CAPABILITY__AUDIT_WRITE 0x20000000UL
#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
-
-#define PASSWD__PASSWD 0x00000001UL
-#define PASSWD__CHFN 0x00000002UL
-#define PASSWD__CHSH 0x00000004UL
-#define PASSWD__ROOTOK 0x00000008UL
-#define PASSWD__CRONTAB 0x00000010UL
-
-#define DRAWABLE__CREATE 0x00000001UL
-#define DRAWABLE__DESTROY 0x00000002UL
-#define DRAWABLE__DRAW 0x00000004UL
-#define DRAWABLE__COPY 0x00000008UL
-#define DRAWABLE__GETATTR 0x00000010UL
-
-#define GC__CREATE 0x00000001UL
-#define GC__FREE 0x00000002UL
-#define GC__GETATTR 0x00000004UL
-#define GC__SETATTR 0x00000008UL
-
-#define WINDOW__ADDCHILD 0x00000001UL
-#define WINDOW__CREATE 0x00000002UL
-#define WINDOW__DESTROY 0x00000004UL
-#define WINDOW__MAP 0x00000008UL
-#define WINDOW__UNMAP 0x00000010UL
-#define WINDOW__CHSTACK 0x00000020UL
-#define WINDOW__CHPROPLIST 0x00000040UL
-#define WINDOW__CHPROP 0x00000080UL
-#define WINDOW__LISTPROP 0x00000100UL
-#define WINDOW__GETATTR 0x00000200UL
-#define WINDOW__SETATTR 0x00000400UL
-#define WINDOW__SETFOCUS 0x00000800UL
-#define WINDOW__MOVE 0x00001000UL
-#define WINDOW__CHSELECTION 0x00002000UL
-#define WINDOW__CHPARENT 0x00004000UL
-#define WINDOW__CTRLLIFE 0x00008000UL
-#define WINDOW__ENUMERATE 0x00010000UL
-#define WINDOW__TRANSPARENT 0x00020000UL
-#define WINDOW__MOUSEMOTION 0x00040000UL
-#define WINDOW__CLIENTCOMEVENT 0x00080000UL
-#define WINDOW__INPUTEVENT 0x00100000UL
-#define WINDOW__DRAWEVENT 0x00200000UL
-#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
-#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
-#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
-#define WINDOW__EXTENSIONEVENT 0x02000000UL
-
-#define FONT__LOAD 0x00000001UL
-#define FONT__FREE 0x00000002UL
-#define FONT__GETATTR 0x00000004UL
-#define FONT__USE 0x00000008UL
-
-#define COLORMAP__CREATE 0x00000001UL
-#define COLORMAP__FREE 0x00000002UL
-#define COLORMAP__INSTALL 0x00000004UL
-#define COLORMAP__UNINSTALL 0x00000008UL
-#define COLORMAP__LIST 0x00000010UL
-#define COLORMAP__READ 0x00000020UL
-#define COLORMAP__STORE 0x00000040UL
-#define COLORMAP__GETATTR 0x00000080UL
-#define COLORMAP__SETATTR 0x00000100UL
-
-#define PROPERTY__CREATE 0x00000001UL
-#define PROPERTY__FREE 0x00000002UL
-#define PROPERTY__READ 0x00000004UL
-#define PROPERTY__WRITE 0x00000008UL
-
-#define CURSOR__CREATE 0x00000001UL
-#define CURSOR__CREATEGLYPH 0x00000002UL
-#define CURSOR__FREE 0x00000004UL
-#define CURSOR__ASSIGN 0x00000008UL
-#define CURSOR__SETATTR 0x00000010UL
-
-#define XCLIENT__KILL 0x00000001UL
-
-#define XINPUT__LOOKUP 0x00000001UL
-#define XINPUT__GETATTR 0x00000002UL
-#define XINPUT__SETATTR 0x00000004UL
-#define XINPUT__SETFOCUS 0x00000008UL
-#define XINPUT__WARPPOINTER 0x00000010UL
-#define XINPUT__ACTIVEGRAB 0x00000020UL
-#define XINPUT__PASSIVEGRAB 0x00000040UL
-#define XINPUT__UNGRAB 0x00000080UL
-#define XINPUT__BELL 0x00000100UL
-#define XINPUT__MOUSEMOTION 0x00000200UL
-#define XINPUT__RELABELINPUT 0x00000400UL
-
-#define XSERVER__SCREENSAVER 0x00000001UL
-#define XSERVER__GETHOSTLIST 0x00000002UL
-#define XSERVER__SETHOSTLIST 0x00000004UL
-#define XSERVER__GETFONTPATH 0x00000008UL
-#define XSERVER__SETFONTPATH 0x00000010UL
-#define XSERVER__GETATTR 0x00000020UL
-#define XSERVER__GRAB 0x00000040UL
-#define XSERVER__UNGRAB 0x00000080UL
-
-#define XEXTENSION__QUERY 0x00000001UL
-#define XEXTENSION__USE 0x00000002UL
-
-#define PAX__PAGEEXEC 0x00000001UL
-#define PAX__EMUTRAMP 0x00000002UL
-#define PAX__MPROTECT 0x00000004UL
-#define PAX__RANDMMAP 0x00000008UL
-#define PAX__RANDEXEC 0x00000010UL
-#define PAX__SEGMEXEC 0x00000020UL
-
#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
@@ -695,10 +551,8 @@
#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
-
#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
@@ -721,10 +575,8 @@
#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
-
#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
@@ -747,10 +599,8 @@
#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
-
#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
@@ -773,7 +623,6 @@
#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
#define NETLINK_XFRM_SOCKET__READ 0x00000002UL
#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
@@ -796,10 +645,8 @@
#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
-
#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
@@ -822,7 +669,6 @@
#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
@@ -845,12 +691,10 @@
#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
-
#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
@@ -873,10 +717,8 @@
#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
-
#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
-
#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_DNRT_SOCKET__READ 0x00000002UL
#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
@@ -899,24 +741,10 @@
#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
-
-#define DBUS__ACQUIRE_SVC 0x00000001UL
-#define DBUS__SEND_MSG 0x00000002UL
-
-#define NSCD__GETPWD 0x00000001UL
-#define NSCD__GETGRP 0x00000002UL
-#define NSCD__GETHOST 0x00000004UL
-#define NSCD__GETSTAT 0x00000008UL
-#define NSCD__ADMIN 0x00000010UL
-#define NSCD__SHMEMPWD 0x00000020UL
-#define NSCD__SHMEMGRP 0x00000040UL
-#define NSCD__SHMEMHOST 0x00000080UL
-
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
#define ASSOCIATION__SETCONTEXT 0x00000004UL
#define ASSOCIATION__POLMATCH 0x00000008UL
-
#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
@@ -939,7 +767,6 @@
#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
-
#define APPLETALK_SOCKET__IOCTL 0x00000001UL
#define APPLETALK_SOCKET__READ 0x00000002UL
#define APPLETALK_SOCKET__WRITE 0x00000004UL
@@ -962,11 +789,9 @@
#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
-
#define PACKET__SEND 0x00000001UL
#define PACKET__RECV 0x00000002UL
#define PACKET__RELABELTO 0x00000004UL
-
#define KEY__VIEW 0x00000001UL
#define KEY__READ 0x00000002UL
#define KEY__WRITE 0x00000004UL
@@ -974,10 +799,6 @@
#define KEY__LINK 0x00000010UL
#define KEY__SETATTR 0x00000020UL
#define KEY__CREATE 0x00000040UL
-
-#define CONTEXT__TRANSLATE 0x00000001UL
-#define CONTEXT__CONTAINS 0x00000002UL
-
#define DCCP_SOCKET__IOCTL 0x00000001UL
#define DCCP_SOCKET__READ 0x00000002UL
#define DCCP_SOCKET__WRITE 0x00000004UL
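Review bot: besides dropping the userland permission bits, every hunk in this file also deletes the blank separator line between class groups (the lone `-` lines above the COMMON_SOCKET__, COMMON_IPC__, FILESYSTEM__ blocks and so on), which accounts for a large share of the 179 deletions in the diffstat and buries the substantive removals. Either keep the generator's previous spacing or state in the commit message that the whitespace change is a side effect of the new header generation, so reviewers know no permission value moved; a quick check confirms the surviving bits are unchanged (for instance NETLINK_ROUTE_SOCKET__NLMSG_READ stays 0x00400000UL), which is what keeps existing binary policies loading.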
diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
index 9f3ebb1..3787990 100644
--- a/security/selinux/include/class_to_string.h
+++ b/security/selinux/include/class_to_string.h
@@ -2,7 +2,7 @@
/*
* Security object class definitions
*/
- S_("null")
+ S_(NULL)
S_("security")
S_("process")
S_("system")
@@ -32,19 +32,19 @@
S_("msgq")
S_("shm")
S_("ipc")
- S_("passwd")
- S_("drawable")
- S_("window")
- S_("gc")
- S_("font")
- S_("colormap")
- S_("property")
- S_("cursor")
- S_("xclient")
- S_("xinput")
- S_("xserver")
- S_("xextension")
- S_("pax")
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
+ S_(NULL)
S_("netlink_route_socket")
S_("netlink_firewall_socket")
S_("netlink_tcpdiag_socket")
@@ -54,12 +54,12 @@
S_("netlink_audit_socket")
S_("netlink_ip6fw_socket")
S_("netlink_dnrt_socket")
- S_("dbus")
- S_("nscd")
+ S_(NULL)
+ S_(NULL)
S_("association")
S_("netlink_kobject_uevent_socket")
S_("appletalk_socket")
S_("packet")
S_("key")
- S_("context")
+ S_(NULL)
S_("dccp_socket")
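Review bot: index 0 changes from "null" to NULL together with the reclaimed slots, so every reader of class_to_string must now tolerate a NULL entry, not only for the userspace indices. The avc.c and services.c hunks handle this; if those are the only two users of the table, say so in the commit message (the empty `diff --git` lines for hooks.c and common_perm_to_string.h suggest nothing else needed changing). Also extend the "Security object class definitions" comment with a line stating that S_(NULL) marks a reserved, userspace-defined class number that must not be reused, otherwise the next person to regenerate the header may compact the table and silently break policy compatibility.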
diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h
diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
index 67cef37..35f309f 100644
--- a/security/selinux/include/flask.h
+++ b/security/selinux/include/flask.h
@@ -34,19 +34,6 @@
#define SECCLASS_MSGQ 27
#define SECCLASS_SHM 28
#define SECCLASS_IPC 29
-#define SECCLASS_PASSWD 30
-#define SECCLASS_DRAWABLE 31
-#define SECCLASS_WINDOW 32
-#define SECCLASS_GC 33
-#define SECCLASS_FONT 34
-#define SECCLASS_COLORMAP 35
-#define SECCLASS_PROPERTY 36
-#define SECCLASS_CURSOR 37
-#define SECCLASS_XCLIENT 38
-#define SECCLASS_XINPUT 39
-#define SECCLASS_XSERVER 40
-#define SECCLASS_XEXTENSION 41
-#define SECCLASS_PAX 42
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
@@ -56,14 +43,11 @@
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
#define SECCLASS_NETLINK_DNRT_SOCKET 51
-#define SECCLASS_DBUS 52
-#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
#define SECCLASS_APPLETALK_SOCKET 56
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
-#define SECCLASS_CONTEXT 59
#define SECCLASS_DCCP_SOCKET 60
/*
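Review bot: the SECCLASS_ numbering is left with deliberate gaps (30 to 42, 52, 53 and 59) so that the kernel classes after them, such as SECCLASS_NETLINK_ROUTE_SOCKET 43 and SECCLASS_DCCP_SOCKET 60, keep their values and already-built binary policies still load. The commit message should spell that out, since a tidy-minded follow-up that renumbers these would reintroduce exactly the load-time rejection this patch is meant to remove; a short comment at each gap in the header would make the intent visible to anyone editing it directly.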
diff --git a/security/selinux/include/initial_sid_to_string.h b/security/selinux/include/initial_sid_to_string.h
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 1e52356..3668f18 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1050,6 +1050,8 @@ static int validate_classes(struct policydb *p)
for (i = 1; i < kdefs->cts_len; i++) {
def_class = kdefs->class_to_string[i];
+ if (!def_class)
+ continue;
if (i > p->p_classes.nprim) {
printk(KERN_INFO
"security: class %s not defined in policy\n",
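Review bot: the `if (!def_class) continue;` sits before the `i > p->p_classes.nprim` test, so a policy that defines fewer classes than the kernel table is accepted as long as the missing indices are all placeholders; that matches the intent, but the inverse case deserves a sentence in the commit message: a policy that does define a class at one of the NULL slots is now accepted without any name or index check, which is the decoupling the thread is after and should be stated as the new contract. Note also the inconsistency with the avc.c hunk, where the same NULL condition is a BUG_ON rather than a skip; pick one behaviour for the two readers of the table or document why they differ.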
--
Stephen Smalley
National Security Agency
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-26 15:23 ` Stephen Smalley
@ 2007-03-26 17:40 ` Stephen Smalley
2007-03-30 19:44 ` Stephen Smalley
0 siblings, 1 reply; 15+ messages in thread
From: Stephen Smalley @ 2007-03-26 17:40 UTC (permalink / raw)
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Mon, 2007-03-26 at 11:23 -0400, Stephen Smalley wrote:
> On Fri, 2007-03-23 at 15:37 -0400, Christopher J. PeBenito wrote:
> > On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> > > On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > > > I reverted the comment change and changed "null" to NULL. Is this what
> > > > you had in mind (it doesn't have the PAX change yet)?
> > >
> > > Yes, looks sane. We would then apply that diff (re-based to the kernel
> > > tree) along with a patch like the following untested one (added a guard
> > > to both avc_dump_query and validate_classes despite my earlier comment).
> >
> > I have merged this into trunk and marked pax as userland so it can be
> > reclaimed.
>
> Thanks. Combining the resulting diff of the generated headers and my
> patch to add guards for the NULL values, the overall patch is as follows
> (still building, not yet tested).
Ok, the patched kernel behaves as expected, and was able to load a
policy with changed X-related class definitions whereas an unpatched
kernel rejected such a policy at load time. Re-sent the patch with
signed-off-by line to James separately for -mm.
>
> [patch 1/1] selinux: remove userland class and permission definitions from the kernel
>
> Remove userland security classes and permissions from the kernel.
>
> ---
>
> security/selinux/avc.c | 2
> security/selinux/include/av_perm_to_string.h | 102 ---------------
> security/selinux/include/av_permissions.h | 179 ---------------------------
> security/selinux/include/class_to_string.h | 34 ++---
> security/selinux/include/flask.h | 16 --
> security/selinux/ss/services.c | 2
> 6 files changed, 21 insertions(+), 314 deletions(-)
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index da8caf1..e4396a8 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -217,6 +217,8 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
> audit_log_format(ab, " tcontext=%s", scontext);
> kfree(scontext);
> }
> +
> + BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
> audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
> }
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> diff --git a/security/selinux/include/av_inherit.h b/security/selinux/include/av_inherit.h
> diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
> index ad9fb2d..b83e740 100644
> --- a/security/selinux/include/av_perm_to_string.h
> +++ b/security/selinux/include/av_perm_to_string.h
> @@ -128,96 +128,6 @@
> S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
> S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
> S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
> - S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
> - S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
> - S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
> - S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
> - S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
> - S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
> - S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
> - S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
> - S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
> - S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
> - S_(SECCLASS_GC, GC__CREATE, "create")
> - S_(SECCLASS_GC, GC__FREE, "free")
> - S_(SECCLASS_GC, GC__GETATTR, "getattr")
> - S_(SECCLASS_GC, GC__SETATTR, "setattr")
> - S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
> - S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
> - S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
> - S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
> - S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
> - S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
> - S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
> - S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
> - S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
> - S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
> - S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
> - S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
> - S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
> - S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
> - S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
> - S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
> - S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
> - S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
> - S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
> - S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
> - S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
> - S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
> - S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
> - S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
> - S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
> - S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
> - S_(SECCLASS_FONT, FONT__LOAD, "load")
> - S_(SECCLASS_FONT, FONT__FREE, "free")
> - S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
> - S_(SECCLASS_FONT, FONT__USE, "use")
> - S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
> - S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
> - S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
> - S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
> - S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
> - S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
> - S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
> - S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
> - S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
> - S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
> - S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
> - S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
> - S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
> - S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
> - S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
> - S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
> - S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
> - S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
> - S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
> - S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
> - S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
> - S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
> - S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
> - S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
> - S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
> - S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
> - S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
> - S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
> - S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
> - S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
> - S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
> - S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
> - S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
> - S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
> - S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
> - S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
> - S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
> - S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
> - S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
> - S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
> - S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
> - S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
> - S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
> - S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
> - S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
> - S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
> S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
> S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
> S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
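Review bot: the S_() entries removed here (passwd, drawable, window, gc, font, colormap, property, cursor, xclient, xinput, xserver, xextension, pax) are keyed by SECCLASS_* value rather than by position, so the hole this leaves between the capability and netlink_route_socket classes is harmless for this table on its own. It is only correct together with the matching S_(NULL) placeholders in class_to_string.h and the numbering gap in flask.h, so the three generated headers should land as one commit; a kernel built from a partial set would either fail to compile or validate policies against the wrong class numbers.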
> @@ -232,16 +142,6 @@
> S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
> S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
> S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
> - S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
> - S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
> - S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
> - S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
> - S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
> - S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
> - S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
> - S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
> - S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
> - S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
> S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
> S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
> S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
> @@ -256,7 +156,5 @@
> S_(SECCLASS_KEY, KEY__LINK, "link")
> S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
> S_(SECCLASS_KEY, KEY__CREATE, "create")
> - S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
> - S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
> S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
> S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
> diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
> index 2de4b5f..5fee173 100644
> --- a/security/selinux/include/av_permissions.h
> +++ b/security/selinux/include/av_permissions.h
> @@ -16,7 +16,6 @@
> #define COMMON_FILE__SWAPON 0x00004000UL
> #define COMMON_FILE__QUOTAON 0x00008000UL
> #define COMMON_FILE__MOUNTON 0x00010000UL
> -
> #define COMMON_SOCKET__IOCTL 0x00000001UL
> #define COMMON_SOCKET__READ 0x00000002UL
> #define COMMON_SOCKET__WRITE 0x00000004UL
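Review bot: this hunk, and the many that follow in av_permissions.h, only drop a blank separator line between permission blocks; there is no functional change in them. They come from the regenerated header, but they bury the substantive removals (the PASSWD__*, DRAWABLE__*, WINDOW__*, PAX__*, DBUS__*, NSCD__* and CONTEXT__* blocks) in whitespace noise. If the generator's blank-line output changed on purpose, say so in the commit message; otherwise keep the separators so the diff shows only the class removals.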
> @@ -39,7 +38,6 @@
> #define COMMON_SOCKET__RECV_MSG 0x00080000UL
> #define COMMON_SOCKET__SEND_MSG 0x00100000UL
> #define COMMON_SOCKET__NAME_BIND 0x00200000UL
> -
> #define COMMON_IPC__CREATE 0x00000001UL
> #define COMMON_IPC__DESTROY 0x00000002UL
> #define COMMON_IPC__GETATTR 0x00000004UL
> @@ -49,7 +47,6 @@
> #define COMMON_IPC__ASSOCIATE 0x00000040UL
> #define COMMON_IPC__UNIX_READ 0x00000080UL
> #define COMMON_IPC__UNIX_WRITE 0x00000100UL
> -
> #define FILESYSTEM__MOUNT 0x00000001UL
> #define FILESYSTEM__REMOUNT 0x00000002UL
> #define FILESYSTEM__UNMOUNT 0x00000004UL
> @@ -60,7 +57,6 @@
> #define FILESYSTEM__ASSOCIATE 0x00000080UL
> #define FILESYSTEM__QUOTAMOD 0x00000100UL
> #define FILESYSTEM__QUOTAGET 0x00000200UL
> -
> #define DIR__IOCTL 0x00000001UL
> #define DIR__READ 0x00000002UL
> #define DIR__WRITE 0x00000004UL
> @@ -78,13 +74,11 @@
> #define DIR__SWAPON 0x00004000UL
> #define DIR__QUOTAON 0x00008000UL
> #define DIR__MOUNTON 0x00010000UL
> -
> #define DIR__ADD_NAME 0x00020000UL
> #define DIR__REMOVE_NAME 0x00040000UL
> #define DIR__REPARENT 0x00080000UL
> #define DIR__SEARCH 0x00100000UL
> #define DIR__RMDIR 0x00200000UL
> -
> #define FILE__IOCTL 0x00000001UL
> #define FILE__READ 0x00000002UL
> #define FILE__WRITE 0x00000004UL
> @@ -102,11 +96,9 @@
> #define FILE__SWAPON 0x00004000UL
> #define FILE__QUOTAON 0x00008000UL
> #define FILE__MOUNTON 0x00010000UL
> -
> #define FILE__EXECUTE_NO_TRANS 0x00020000UL
> #define FILE__ENTRYPOINT 0x00040000UL
> #define FILE__EXECMOD 0x00080000UL
> -
> #define LNK_FILE__IOCTL 0x00000001UL
> #define LNK_FILE__READ 0x00000002UL
> #define LNK_FILE__WRITE 0x00000004UL
> @@ -124,7 +116,6 @@
> #define LNK_FILE__SWAPON 0x00004000UL
> #define LNK_FILE__QUOTAON 0x00008000UL
> #define LNK_FILE__MOUNTON 0x00010000UL
> -
> #define CHR_FILE__IOCTL 0x00000001UL
> #define CHR_FILE__READ 0x00000002UL
> #define CHR_FILE__WRITE 0x00000004UL
> @@ -142,11 +133,9 @@
> #define CHR_FILE__SWAPON 0x00004000UL
> #define CHR_FILE__QUOTAON 0x00008000UL
> #define CHR_FILE__MOUNTON 0x00010000UL
> -
> #define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
> #define CHR_FILE__ENTRYPOINT 0x00040000UL
> #define CHR_FILE__EXECMOD 0x00080000UL
> -
> #define BLK_FILE__IOCTL 0x00000001UL
> #define BLK_FILE__READ 0x00000002UL
> #define BLK_FILE__WRITE 0x00000004UL
> @@ -164,7 +153,6 @@
> #define BLK_FILE__SWAPON 0x00004000UL
> #define BLK_FILE__QUOTAON 0x00008000UL
> #define BLK_FILE__MOUNTON 0x00010000UL
> -
> #define SOCK_FILE__IOCTL 0x00000001UL
> #define SOCK_FILE__READ 0x00000002UL
> #define SOCK_FILE__WRITE 0x00000004UL
> @@ -182,7 +170,6 @@
> #define SOCK_FILE__SWAPON 0x00004000UL
> #define SOCK_FILE__QUOTAON 0x00008000UL
> #define SOCK_FILE__MOUNTON 0x00010000UL
> -
> #define FIFO_FILE__IOCTL 0x00000001UL
> #define FIFO_FILE__READ 0x00000002UL
> #define FIFO_FILE__WRITE 0x00000004UL
> @@ -200,9 +187,7 @@
> #define FIFO_FILE__SWAPON 0x00004000UL
> #define FIFO_FILE__QUOTAON 0x00008000UL
> #define FIFO_FILE__MOUNTON 0x00010000UL
> -
> #define FD__USE 0x00000001UL
> -
> #define SOCKET__IOCTL 0x00000001UL
> #define SOCKET__READ 0x00000002UL
> #define SOCKET__WRITE 0x00000004UL
> @@ -225,7 +210,6 @@
> #define SOCKET__RECV_MSG 0x00080000UL
> #define SOCKET__SEND_MSG 0x00100000UL
> #define SOCKET__NAME_BIND 0x00200000UL
> -
> #define TCP_SOCKET__IOCTL 0x00000001UL
> #define TCP_SOCKET__READ 0x00000002UL
> #define TCP_SOCKET__WRITE 0x00000004UL
> @@ -248,13 +232,11 @@
> #define TCP_SOCKET__RECV_MSG 0x00080000UL
> #define TCP_SOCKET__SEND_MSG 0x00100000UL
> #define TCP_SOCKET__NAME_BIND 0x00200000UL
> -
> #define TCP_SOCKET__CONNECTTO 0x00400000UL
> #define TCP_SOCKET__NEWCONN 0x00800000UL
> #define TCP_SOCKET__ACCEPTFROM 0x01000000UL
> #define TCP_SOCKET__NODE_BIND 0x02000000UL
> #define TCP_SOCKET__NAME_CONNECT 0x04000000UL
> -
> #define UDP_SOCKET__IOCTL 0x00000001UL
> #define UDP_SOCKET__READ 0x00000002UL
> #define UDP_SOCKET__WRITE 0x00000004UL
> @@ -277,9 +259,7 @@
> #define UDP_SOCKET__RECV_MSG 0x00080000UL
> #define UDP_SOCKET__SEND_MSG 0x00100000UL
> #define UDP_SOCKET__NAME_BIND 0x00200000UL
> -
> #define UDP_SOCKET__NODE_BIND 0x00400000UL
> -
> #define RAWIP_SOCKET__IOCTL 0x00000001UL
> #define RAWIP_SOCKET__READ 0x00000002UL
> #define RAWIP_SOCKET__WRITE 0x00000004UL
> @@ -302,9 +282,7 @@
> #define RAWIP_SOCKET__RECV_MSG 0x00080000UL
> #define RAWIP_SOCKET__SEND_MSG 0x00100000UL
> #define RAWIP_SOCKET__NAME_BIND 0x00200000UL
> -
> #define RAWIP_SOCKET__NODE_BIND 0x00400000UL
> -
> #define NODE__TCP_RECV 0x00000001UL
> #define NODE__TCP_SEND 0x00000002UL
> #define NODE__UDP_RECV 0x00000004UL
> @@ -314,7 +292,6 @@
> #define NODE__ENFORCE_DEST 0x00000040UL
> #define NODE__DCCP_RECV 0x00000080UL
> #define NODE__DCCP_SEND 0x00000100UL
> -
> #define NETIF__TCP_RECV 0x00000001UL
> #define NETIF__TCP_SEND 0x00000002UL
> #define NETIF__UDP_RECV 0x00000004UL
> @@ -323,7 +300,6 @@
> #define NETIF__RAWIP_SEND 0x00000020UL
> #define NETIF__DCCP_RECV 0x00000040UL
> #define NETIF__DCCP_SEND 0x00000080UL
> -
> #define NETLINK_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_SOCKET__READ 0x00000002UL
> #define NETLINK_SOCKET__WRITE 0x00000004UL
> @@ -346,7 +322,6 @@
> #define NETLINK_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_SOCKET__NAME_BIND 0x00200000UL
> -
> #define PACKET_SOCKET__IOCTL 0x00000001UL
> #define PACKET_SOCKET__READ 0x00000002UL
> #define PACKET_SOCKET__WRITE 0x00000004UL
> @@ -369,7 +344,6 @@
> #define PACKET_SOCKET__RECV_MSG 0x00080000UL
> #define PACKET_SOCKET__SEND_MSG 0x00100000UL
> #define PACKET_SOCKET__NAME_BIND 0x00200000UL
> -
> #define KEY_SOCKET__IOCTL 0x00000001UL
> #define KEY_SOCKET__READ 0x00000002UL
> #define KEY_SOCKET__WRITE 0x00000004UL
> @@ -392,7 +366,6 @@
> #define KEY_SOCKET__RECV_MSG 0x00080000UL
> #define KEY_SOCKET__SEND_MSG 0x00100000UL
> #define KEY_SOCKET__NAME_BIND 0x00200000UL
> -
> #define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
> #define UNIX_STREAM_SOCKET__READ 0x00000002UL
> #define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
> @@ -415,11 +388,9 @@
> #define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
> #define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
> #define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
> -
> #define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
> #define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
> #define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
> -
> #define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
> #define UNIX_DGRAM_SOCKET__READ 0x00000002UL
> #define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
> @@ -442,7 +413,6 @@
> #define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
> #define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
> #define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
> -
> #define PROCESS__FORK 0x00000001UL
> #define PROCESS__TRANSITION 0x00000002UL
> #define PROCESS__SIGCHLD 0x00000004UL
> @@ -473,7 +443,6 @@
> #define PROCESS__EXECHEAP 0x08000000UL
> #define PROCESS__SETKEYCREATE 0x10000000UL
> #define PROCESS__SETSOCKCREATE 0x20000000UL
> -
> #define IPC__CREATE 0x00000001UL
> #define IPC__DESTROY 0x00000002UL
> #define IPC__GETATTR 0x00000004UL
> @@ -483,7 +452,6 @@
> #define IPC__ASSOCIATE 0x00000040UL
> #define IPC__UNIX_READ 0x00000080UL
> #define IPC__UNIX_WRITE 0x00000100UL
> -
> #define SEM__CREATE 0x00000001UL
> #define SEM__DESTROY 0x00000002UL
> #define SEM__GETATTR 0x00000004UL
> @@ -493,7 +461,6 @@
> #define SEM__ASSOCIATE 0x00000040UL
> #define SEM__UNIX_READ 0x00000080UL
> #define SEM__UNIX_WRITE 0x00000100UL
> -
> #define MSGQ__CREATE 0x00000001UL
> #define MSGQ__DESTROY 0x00000002UL
> #define MSGQ__GETATTR 0x00000004UL
> @@ -503,12 +470,9 @@
> #define MSGQ__ASSOCIATE 0x00000040UL
> #define MSGQ__UNIX_READ 0x00000080UL
> #define MSGQ__UNIX_WRITE 0x00000100UL
> -
> #define MSGQ__ENQUEUE 0x00000200UL
> -
> #define MSG__SEND 0x00000001UL
> #define MSG__RECEIVE 0x00000002UL
> -
> #define SHM__CREATE 0x00000001UL
> #define SHM__DESTROY 0x00000002UL
> #define SHM__GETATTR 0x00000004UL
> @@ -518,9 +482,7 @@
> #define SHM__ASSOCIATE 0x00000040UL
> #define SHM__UNIX_READ 0x00000080UL
> #define SHM__UNIX_WRITE 0x00000100UL
> -
> #define SHM__LOCK 0x00000200UL
> -
> #define SECURITY__COMPUTE_AV 0x00000001UL
> #define SECURITY__COMPUTE_CREATE 0x00000002UL
> #define SECURITY__COMPUTE_MEMBER 0x00000004UL
> @@ -532,12 +494,10 @@
> #define SECURITY__SETBOOL 0x00000100UL
> #define SECURITY__SETSECPARAM 0x00000200UL
> #define SECURITY__SETCHECKREQPROT 0x00000400UL
> -
> #define SYSTEM__IPC_INFO 0x00000001UL
> #define SYSTEM__SYSLOG_READ 0x00000002UL
> #define SYSTEM__SYSLOG_MOD 0x00000004UL
> #define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
> -
> #define CAPABILITY__CHOWN 0x00000001UL
> #define CAPABILITY__DAC_OVERRIDE 0x00000002UL
> #define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
> @@ -569,110 +529,6 @@
> #define CAPABILITY__LEASE 0x10000000UL
> #define CAPABILITY__AUDIT_WRITE 0x20000000UL
> #define CAPABILITY__AUDIT_CONTROL 0x40000000UL
> -
> -#define PASSWD__PASSWD 0x00000001UL
> -#define PASSWD__CHFN 0x00000002UL
> -#define PASSWD__CHSH 0x00000004UL
> -#define PASSWD__ROOTOK 0x00000008UL
> -#define PASSWD__CRONTAB 0x00000010UL
> -
> -#define DRAWABLE__CREATE 0x00000001UL
> -#define DRAWABLE__DESTROY 0x00000002UL
> -#define DRAWABLE__DRAW 0x00000004UL
> -#define DRAWABLE__COPY 0x00000008UL
> -#define DRAWABLE__GETATTR 0x00000010UL
> -
> -#define GC__CREATE 0x00000001UL
> -#define GC__FREE 0x00000002UL
> -#define GC__GETATTR 0x00000004UL
> -#define GC__SETATTR 0x00000008UL
> -
> -#define WINDOW__ADDCHILD 0x00000001UL
> -#define WINDOW__CREATE 0x00000002UL
> -#define WINDOW__DESTROY 0x00000004UL
> -#define WINDOW__MAP 0x00000008UL
> -#define WINDOW__UNMAP 0x00000010UL
> -#define WINDOW__CHSTACK 0x00000020UL
> -#define WINDOW__CHPROPLIST 0x00000040UL
> -#define WINDOW__CHPROP 0x00000080UL
> -#define WINDOW__LISTPROP 0x00000100UL
> -#define WINDOW__GETATTR 0x00000200UL
> -#define WINDOW__SETATTR 0x00000400UL
> -#define WINDOW__SETFOCUS 0x00000800UL
> -#define WINDOW__MOVE 0x00001000UL
> -#define WINDOW__CHSELECTION 0x00002000UL
> -#define WINDOW__CHPARENT 0x00004000UL
> -#define WINDOW__CTRLLIFE 0x00008000UL
> -#define WINDOW__ENUMERATE 0x00010000UL
> -#define WINDOW__TRANSPARENT 0x00020000UL
> -#define WINDOW__MOUSEMOTION 0x00040000UL
> -#define WINDOW__CLIENTCOMEVENT 0x00080000UL
> -#define WINDOW__INPUTEVENT 0x00100000UL
> -#define WINDOW__DRAWEVENT 0x00200000UL
> -#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
> -#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
> -#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
> -#define WINDOW__EXTENSIONEVENT 0x02000000UL
> -
> -#define FONT__LOAD 0x00000001UL
> -#define FONT__FREE 0x00000002UL
> -#define FONT__GETATTR 0x00000004UL
> -#define FONT__USE 0x00000008UL
> -
> -#define COLORMAP__CREATE 0x00000001UL
> -#define COLORMAP__FREE 0x00000002UL
> -#define COLORMAP__INSTALL 0x00000004UL
> -#define COLORMAP__UNINSTALL 0x00000008UL
> -#define COLORMAP__LIST 0x00000010UL
> -#define COLORMAP__READ 0x00000020UL
> -#define COLORMAP__STORE 0x00000040UL
> -#define COLORMAP__GETATTR 0x00000080UL
> -#define COLORMAP__SETATTR 0x00000100UL
> -
> -#define PROPERTY__CREATE 0x00000001UL
> -#define PROPERTY__FREE 0x00000002UL
> -#define PROPERTY__READ 0x00000004UL
> -#define PROPERTY__WRITE 0x00000008UL
> -
> -#define CURSOR__CREATE 0x00000001UL
> -#define CURSOR__CREATEGLYPH 0x00000002UL
> -#define CURSOR__FREE 0x00000004UL
> -#define CURSOR__ASSIGN 0x00000008UL
> -#define CURSOR__SETATTR 0x00000010UL
> -
> -#define XCLIENT__KILL 0x00000001UL
> -
> -#define XINPUT__LOOKUP 0x00000001UL
> -#define XINPUT__GETATTR 0x00000002UL
> -#define XINPUT__SETATTR 0x00000004UL
> -#define XINPUT__SETFOCUS 0x00000008UL
> -#define XINPUT__WARPPOINTER 0x00000010UL
> -#define XINPUT__ACTIVEGRAB 0x00000020UL
> -#define XINPUT__PASSIVEGRAB 0x00000040UL
> -#define XINPUT__UNGRAB 0x00000080UL
> -#define XINPUT__BELL 0x00000100UL
> -#define XINPUT__MOUSEMOTION 0x00000200UL
> -#define XINPUT__RELABELINPUT 0x00000400UL
> -
> -#define XSERVER__SCREENSAVER 0x00000001UL
> -#define XSERVER__GETHOSTLIST 0x00000002UL
> -#define XSERVER__SETHOSTLIST 0x00000004UL
> -#define XSERVER__GETFONTPATH 0x00000008UL
> -#define XSERVER__SETFONTPATH 0x00000010UL
> -#define XSERVER__GETATTR 0x00000020UL
> -#define XSERVER__GRAB 0x00000040UL
> -#define XSERVER__UNGRAB 0x00000080UL
> -
> -#define XEXTENSION__QUERY 0x00000001UL
> -#define XEXTENSION__USE 0x00000002UL
> -
> -#define PAX__PAGEEXEC 0x00000001UL
> -#define PAX__EMUTRAMP 0x00000002UL
> -#define PAX__MPROTECT 0x00000004UL
> -#define PAX__RANDMMAP 0x00000008UL
> -#define PAX__RANDEXEC 0x00000010UL
> -#define PAX__SEGMEXEC 0x00000020UL
> -
> #define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
> #define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
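Review bot: deleting the PASSWD__* through PAX__* macros removes names that in-kernel code may still reference, and nothing in this hunk shows that no user remains. The thread notes that pax was only just marked as userland in refpolicy so it could be reclaimed, which makes it the most likely leftover; a grep for the removed prefixes across security/ and the rest of the tree before submitting would confirm that the "still building" kernel links, and a sentence in the commit message stating that no in-kernel users exist would let reviewers skip that check.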
> @@ -695,10 +551,8 @@
> #define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
> #define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
> -
> #define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
> #define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
> @@ -721,10 +575,8 @@
> #define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
> #define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
> -
> #define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
> #define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
> @@ -747,10 +599,8 @@
> #define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
> #define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
> -
> #define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
> #define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
> @@ -773,7 +623,6 @@
> #define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_XFRM_SOCKET__READ 0x00000002UL
> #define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
> @@ -796,10 +645,8 @@
> #define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
> #define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
> -
> #define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
> #define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
> @@ -822,7 +669,6 @@
> #define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
> #define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
> @@ -845,12 +691,10 @@
> #define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
> #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
> #define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
> #define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
> -
> #define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
> #define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
> @@ -873,10 +717,8 @@
> #define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
> -
> #define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
> #define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
> -
> #define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_DNRT_SOCKET__READ 0x00000002UL
> #define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
> @@ -899,24 +741,10 @@
> #define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
> -
> -#define DBUS__ACQUIRE_SVC 0x00000001UL
> -#define DBUS__SEND_MSG 0x00000002UL
> -
> -#define NSCD__GETPWD 0x00000001UL
> -#define NSCD__GETGRP 0x00000002UL
> -#define NSCD__GETHOST 0x00000004UL
> -#define NSCD__GETSTAT 0x00000008UL
> -#define NSCD__ADMIN 0x00000010UL
> -#define NSCD__SHMEMPWD 0x00000020UL
> -#define NSCD__SHMEMGRP 0x00000040UL
> -#define NSCD__SHMEMHOST 0x00000080UL
> -
> #define ASSOCIATION__SENDTO 0x00000001UL
> #define ASSOCIATION__RECVFROM 0x00000002UL
> #define ASSOCIATION__SETCONTEXT 0x00000004UL
> #define ASSOCIATION__POLMATCH 0x00000008UL
> -
> #define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
> #define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
> #define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
> @@ -939,7 +767,6 @@
> #define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
> #define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
> #define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
> -
> #define APPLETALK_SOCKET__IOCTL 0x00000001UL
> #define APPLETALK_SOCKET__READ 0x00000002UL
> #define APPLETALK_SOCKET__WRITE 0x00000004UL
> @@ -962,11 +789,9 @@
> #define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
> #define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
> #define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
> -
> #define PACKET__SEND 0x00000001UL
> #define PACKET__RECV 0x00000002UL
> #define PACKET__RELABELTO 0x00000004UL
> -
> #define KEY__VIEW 0x00000001UL
> #define KEY__READ 0x00000002UL
> #define KEY__WRITE 0x00000004UL
> @@ -974,10 +799,6 @@
> #define KEY__LINK 0x00000010UL
> #define KEY__SETATTR 0x00000020UL
> #define KEY__CREATE 0x00000040UL
> -
> -#define CONTEXT__TRANSLATE 0x00000001UL
> -#define CONTEXT__CONTAINS 0x00000002UL
> -
> #define DCCP_SOCKET__IOCTL 0x00000001UL
> #define DCCP_SOCKET__READ 0x00000002UL
> #define DCCP_SOCKET__WRITE 0x00000004UL
> diff --git a/security/selinux/include/class_to_string.h b/security/selinux/include/class_to_string.h
> index 9f3ebb1..3787990 100644
> --- a/security/selinux/include/class_to_string.h
> +++ b/security/selinux/include/class_to_string.h
> @@ -2,7 +2,7 @@
> /*
> * Security object class definitions
> */
> - S_("null")
> + S_(NULL)
> S_("security")
> S_("process")
> S_("system")
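Review bot: turning index 0 from "null" into a NULL pointer makes every reader of class_to_string[] responsible for a NULL check before handing the entry to a %s format. validate_classes starts its loop at i = 1 and never looked at index 0, so the guard added in services.c does not cover this slot; avc_dump_query and any other consumer that prints a class name must be audited for the same check. Note also the later point in the thread that libselinux still needs "null" in its copy of this header, so the shared generator has to emit kernel and userspace variants rather than one file.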
> @@ -32,19 +32,19 @@
> S_("msgq")
> S_("shm")
> S_("ipc")
> - S_("passwd")
> - S_("drawable")
> - S_("window")
> - S_("gc")
> - S_("font")
> - S_("colormap")
> - S_("property")
> - S_("cursor")
> - S_("xclient")
> - S_("xinput")
> - S_("xserver")
> - S_("xextension")
> - S_("pax")
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> + S_(NULL)
> S_("netlink_route_socket")
> S_("netlink_firewall_socket")
> S_("netlink_tcpdiag_socket")
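Review bot: the 13 S_(NULL) placeholders must match the 13 names removed exactly, and the hunk gives a reviewer no way to see that beyond counting. One placeholder too few or too many silently shifts netlink_route_socket and every later class off its SECCLASS_* number in flask.h, after which validate_classes would reject every policy. Having the generator emit a comment on each placeholder (the reserved slot number, or "reserved for userspace") would make a count mistake visible in a diff instead of only at policy load time.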
> @@ -54,12 +54,12 @@
> S_("netlink_audit_socket")
> S_("netlink_ip6fw_socket")
> S_("netlink_dnrt_socket")
> - S_("dbus")
> - S_("nscd")
> + S_(NULL)
> + S_(NULL)
> S_("association")
> S_("netlink_kobject_uevent_socket")
> S_("appletalk_socket")
> S_("packet")
> S_("key")
> - S_("context")
> + S_(NULL)
> S_("dccp_socket")
> diff --git a/security/selinux/include/common_perm_to_string.h b/security/selinux/include/common_perm_to_string.h
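Review bot: this diff --git line for common_perm_to_string.h (and the one for initial_sid_to_string.h further down) has no index line and no hunks, so it is an empty entry that describes no change; drop both before the patch goes to James for -mm. If a mode change was intended for those files, the old mode/new mode lines that would express it are missing.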
> diff --git a/security/selinux/include/flask.h b/security/selinux/include/flask.h
> index 67cef37..35f309f 100644
> --- a/security/selinux/include/flask.h
> +++ b/security/selinux/include/flask.h
> @@ -34,19 +34,6 @@
> #define SECCLASS_MSGQ 27
> #define SECCLASS_SHM 28
> #define SECCLASS_IPC 29
> -#define SECCLASS_PASSWD 30
> -#define SECCLASS_DRAWABLE 31
> -#define SECCLASS_WINDOW 32
> -#define SECCLASS_GC 33
> -#define SECCLASS_FONT 34
> -#define SECCLASS_COLORMAP 35
> -#define SECCLASS_PROPERTY 36
> -#define SECCLASS_CURSOR 37
> -#define SECCLASS_XCLIENT 38
> -#define SECCLASS_XINPUT 39
> -#define SECCLASS_XSERVER 40
> -#define SECCLASS_XEXTENSION 41
> -#define SECCLASS_PAX 42
> #define SECCLASS_NETLINK_ROUTE_SOCKET 43
> #define SECCLASS_NETLINK_FIREWALL_SOCKET 44
> #define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
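Review bot: SECCLASS_* values now jump from 29 to 43, and from 51 to 54 and 58 to 60 in the next hunk. The gaps are intentional, since class values are part of the policy ABI and must line up with the S_(NULL) slots in class_to_string.h, but nothing in the header says so. A one-line comment at each gap ("values reserved for userspace object classes") would stop the next person from renumbering the classes to make them contiguous, which would break every existing policy.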
> @@ -56,14 +43,11 @@
> #define SECCLASS_NETLINK_AUDIT_SOCKET 49
> #define SECCLASS_NETLINK_IP6FW_SOCKET 50
> #define SECCLASS_NETLINK_DNRT_SOCKET 51
> -#define SECCLASS_DBUS 52
> -#define SECCLASS_NSCD 53
> #define SECCLASS_ASSOCIATION 54
> #define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
> #define SECCLASS_APPLETALK_SOCKET 56
> #define SECCLASS_PACKET 57
> #define SECCLASS_KEY 58
> -#define SECCLASS_CONTEXT 59
> #define SECCLASS_DCCP_SOCKET 60
>
> /*
> diff --git a/security/selinux/include/initial_sid_to_string.h b/security/selinux/include/initial_sid_to_string.h
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 1e52356..3668f18 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -1050,6 +1050,8 @@ static int validate_classes(struct policydb *p)
>
> for (i = 1; i < kdefs->cts_len; i++) {
> def_class = kdefs->class_to_string[i];
> + if (!def_class)
> + continue;
> if (i > p->p_classes.nprim) {
> printk(KERN_INFO
> "security: class %s not defined in policy\n",
>
--
Stephen Smalley
National Security Agency
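A user-space model of the validate_classes() loop the patch modifies, as an added example that is not part of the patch or of the kernel. It runs the same check against a constructed subset of the class table before and after the change and shows that a policy whose X class definitions changed is rejected by the old table but accepted by the new one, while a renamed kernel-owned class is still rejected; the class names and the "x_window" rename are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Kernel-side class tables indexed by SECCLASS_* value (a constructed subset
 * of class_to_string.h; index 0 is the "null" class in both). */
static const char *const cts_before[] = {
    "null", "security", "process", "system",
    "passwd", "window",           /* userspace classes baked into the kernel */
    "netlink_route_socket", "key",
};
static const char *const cts_after[] = {
    NULL, "security", "process", "system",
    NULL, NULL,                   /* same slots, now S_(NULL) placeholders */
    "netlink_route_socket", "key",
};
#define CTS_LEN (sizeof(cts_after) / sizeof(cts_after[0]))

/* Class list of a policy being loaded; class value v has name names[v-1],
 * mirroring p_class_val_to_name, and nprim is the number of classes. */
struct policy_classes {
    const char *const *names;
    size_t nprim;
};

/* Model of validate_classes(): returns 0 when the policy's class numbering
 * agrees with the kernel table cts, -1 (the kernel uses -EINVAL) on the
 * first discrepancy. */
static int validate_classes_model(const char *const *cts,
                                  const struct policy_classes *p)
{
    for (size_t i = 1; i < CTS_LEN; i++) {
        const char *def_class = cts[i];
        if (!def_class)           /* the guard the patch adds */
            continue;
        if (i > p->nprim) {
            printf("security: class %s not defined in policy\n", def_class);
            return -1;
        }
        const char *pol_class = p->names[i - 1];
        if (strcmp(pol_class, def_class) != 0) {
            printf("security: class %s at index %zu differs from policy class %s\n",
                   def_class, i, pol_class);
            return -1;
        }
    }
    return 0;
}

/* Wrapper that builds the policy view and runs the check. */
static int check_policy(const char *const *cts, const char *const *names,
                        size_t nprim)
{
    struct policy_classes p = { names, nprim };
    return validate_classes_model(cts, &p);
}

/* Constructed policies. The first is the thread's scenario: the X class
 * definitions changed ("window" became "x_window"); the second renamed a
 * kernel-owned class ("key"), which must still be rejected. */
static const char *const changed_x_policy[] = {
    "security", "process", "system", "passwd", "x_window",
    "netlink_route_socket", "key",
};
static const char *const changed_kernel_policy[] = {
    "security", "process", "system", "passwd", "window",
    "netlink_route_socket", "keyring",
};

int main(void)
{
    printf("old kernel, changed X classes:    %d\n",
           check_policy(cts_before, changed_x_policy, 7));      /* -1 */
    printf("new kernel, changed X classes:    %d\n",
           check_policy(cts_after, changed_x_policy, 7));       /* 0 */
    printf("new kernel, changed kernel class: %d\n",
           check_policy(cts_after, changed_kernel_policy, 7));  /* -1 */
    return 0;
}
```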
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-26 17:40 ` Stephen Smalley
@ 2007-03-30 19:44 ` Stephen Smalley
2007-03-30 20:30 ` Christopher J. PeBenito
0 siblings, 1 reply; 15+ messages in thread
From: Stephen Smalley @ 2007-03-30 19:44 UTC (permalink / raw)
To: Christopher J. PeBenito
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Mon, 2007-03-26 at 13:40 -0400, Stephen Smalley wrote:
> On Mon, 2007-03-26 at 11:23 -0400, Stephen Smalley wrote:
> > On Fri, 2007-03-23 at 15:37 -0400, Christopher J. PeBenito wrote:
> > > On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> > > > On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > > > > I reverted the comment change and changed "null" to NULL. Is this what
> > > > > you had in mind (it doesn't have the PAX change yet)?
> > > >
> > > > Yes, looks sane. We would then apply that diff (re-based to the kernel
> > > > tree) along with a patch like the following untested one (added a guard
> > > > to both avc_dump_query and validate_classes despite my earlier comment).
> > >
> > > I have merged this into trunk and marked pax as userland so it can be
> > > reclaimed.
> >
> > Thanks. Combining the resulting diff of the generated headers and my
> > patch to add guards for the NULL values, the overall patch is as follows
> > (still building, not yet tested).
>
> Ok, the patched kernel behaves as expected, and was able to load a
> policy with changed X-related class definitions whereas an unpatched
> kernel rejected such a policy at load time. Re-sent the patch with
> signed-off-by line to James separately for -mm.
On the userspace header side for libselinux, I think we still want
"null" rather than NULL due to the manner in which it is used (won't
compile presently with the new headers).
--
Stephen Smalley
National Security Agency
* Re: Expunging userspace classes and permissions from kernel headers
2007-03-30 19:44 ` Stephen Smalley
@ 2007-03-30 20:30 ` Christopher J. PeBenito
0 siblings, 0 replies; 15+ messages in thread
From: Christopher J. PeBenito @ 2007-03-30 20:30 UTC (permalink / raw)
To: Stephen Smalley
Cc: selinux, Eamon Walsh, Eric Paris, James Morris, Chad Sellers
On Fri, 2007-03-30 at 15:44 -0400, Stephen Smalley wrote:
> On Mon, 2007-03-26 at 13:40 -0400, Stephen Smalley wrote:
> > On Mon, 2007-03-26 at 11:23 -0400, Stephen Smalley wrote:
> > > On Fri, 2007-03-23 at 15:37 -0400, Christopher J. PeBenito wrote:
> > > > On Fri, 2007-03-23 at 12:25 -0400, Stephen Smalley wrote:
> > > > > On Fri, 2007-03-23 at 16:09 +0000, Christopher J. PeBenito wrote:
> > > > > > I reverted the comment change and changed "null" to NULL. Is this what
> > > > > > you had in mind (it doesn't have the PAX change yet)?
> > > > >
> > > > > Yes, looks sane. We would then apply that diff (re-based to the kernel
> > > > > tree) along with a patch like the following untested one (added a guard
> > > > > to both avc_dump_query and validate_classes despite my earlier comment).
> > > >
> > > > I have merged this into trunk and marked pax as userland so it can be
> > > > reclaimed.
> > >
> > > Thanks. Combining the resulting diff of the generated headers and my
> > > patch to add guards for the NULL values, the overall patch is as follows
> > > (still building, not yet tested).
> >
> > Ok, the patched kernel behaves as expected, and was able to load a
> > policy with changed X-related class definitions whereas an unpatched
> > kernel rejected such a policy at load time. Re-sent the patch with
> > signed-off-by line to James separately for -mm.
>
> On the userspace header side for libselinux, I think we still want
> "null" rather than NULL due to the manner in which it is used (won't
> compile presently with the new headers).
Fixed in refpolicy trunk.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150