[PATCH v2 1/3] libsepol: Write CIL default MLS rules on separate lines

[PATCH v2 1/3] libsepol: Write CIL default MLS rules on separate lines

[James Carter]

When converting a non-MLS kernel binary policy to CIL, write the CIL
default MLS rules (since CIL requires at least one sensitivity,
and sensitivityorder statements) on separate lines.

This improves the readability of the resulting CIL policy.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2: No changes

 libsepol/src/kernel_to_cil.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index ede78a20..cca77251 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -777,9 +777,9 @@ exit:
 
 static void write_default_mls_level(FILE *out)
 {
-	sepol_printf(out, "(sensitivity s0)");
-	sepol_printf(out, "(sensitivityorder (s0))");
-	sepol_printf(out, "(level %s (s0))", DEFAULT_LEVEL);
+	sepol_printf(out, "(sensitivity s0)\n");
+	sepol_printf(out, "(sensitivityorder (s0))\n");
+	sepol_printf(out, "(level %s (s0))\n", DEFAULT_LEVEL);
 }
 
 static int map_sensitivity_aliases_to_strs(char *key, void *data, void *args)
-- 
2.25.4

[PATCH v2 2/3] libsepol: Improve writing CIL sensitivity rules

[James Carter]

Improves writing of CIL sensitivity rules when converting MLS kernel
policy to CIL. No changes to functionality, but eliminate useless
checks for sensitivity aliases when using the p_sens_val_to_name
array, find the actual number of aliases before allocating memory,
and skip the sensitivity alias rules if there are no aliases.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2: Add "__attribute__((unused))" to unused parameters as suggested by
    Nicolas Iooss

 libsepol/src/kernel_to_cil.c | 59 ++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 30 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index cca77251..b84da3e5 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -782,6 +782,17 @@ static void write_default_mls_level(FILE *out)
 	sepol_printf(out, "(level %s (s0))\n", DEFAULT_LEVEL);
 }
 
+static int map_count_sensitivity_aliases(__attribute__((unused)) char *key, void *data, void *args)
+{
+	level_datum_t *sens = data;
+	unsigned *count = args;
+
+	if (sens->isalias)
+		(*count)++;
+
+	return SEPOL_OK;
+}
+
 static int map_sensitivity_aliases_to_strs(char *key, void *data, void *args)
 {
 	level_datum_t *sens = data;
@@ -799,26 +810,13 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
 {
 	level_datum_t *level;
 	char *prev, *name, *actual;
-	struct strs *strs;
-	unsigned i, num;
+	struct strs *strs = NULL;
+	unsigned i, num = 0;
 	int rc = 0;
 
-	rc = strs_init(&strs, pdb->p_levels.nprim);
-	if (rc != 0) {
-		goto exit;
-	}
-
 	/* sensitivities */
 	for (i=0; i < pdb->p_levels.nprim; i++) {
 		name = pdb->p_sens_val_to_name[i];
-		if (!name) continue;
-		level = hashtab_search(pdb->p_levels.table, name);
-		if (!level) {
-			rc = -1;
-			goto exit;
-		}
-		if (level->isalias) continue;
-
 		sepol_printf(out, "(sensitivity %s)\n", name);
 	}
 
@@ -827,14 +825,6 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
 	prev = NULL;
 	for (i=0; i < pdb->p_levels.nprim; i++) {
 		name = pdb->p_sens_val_to_name[i];
-		if (!name) continue;
-		level = hashtab_search(pdb->p_levels.table, name);
-		if (!level) {
-			rc = -1;
-			goto exit;
-		}
-		if (level->isalias) continue;
-
 		if (prev) {
 			sepol_printf(out, "%s ", prev);
 		}
@@ -845,6 +835,22 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
 	}
 	sepol_printf(out, "))\n");
 
+	rc = hashtab_map(pdb->p_levels.table, map_count_sensitivity_aliases, &num);
+	if (rc != 0) {
+		goto exit;
+	}
+
+	if (num == 0) {
+		/* No aliases, so skip sensitivity alias rules */
+		rc = 0;
+		goto exit;
+	}
+
+	rc = strs_init(&strs, num);
+	if (rc != 0) {
+		goto exit;
+	}
+
 	rc = hashtab_map(pdb->p_levels.table, map_sensitivity_aliases_to_strs, strs);
 	if (rc != 0) {
 		goto exit;
@@ -852,16 +858,9 @@ static int write_sensitivity_rules_to_cil(FILE *out, struct policydb *pdb)
 
 	strs_sort(strs);
 
-	num = strs_num_items(strs);
-
 	/* sensitivity aliases */
 	for (i=0; i < num; i++) {
 		name = strs_read_at_index(strs, i);
-		level = hashtab_search(pdb->p_levels.table, name);
-		if (!level) {
-			rc = -1;
-			goto exit;
-		}
 		sepol_printf(out, "(sensitivityalias %s)\n", name);
 	}
 
-- 
2.25.4

[PATCH v2 3/3] libsepol: Improve writing CIL category rules

[James Carter]

Improves writing of CIL category rules when converting MLS kernel
policy to CIL. No changes to functionality, but eliminate useless
checks for category aliases when using the p_cat_val_to_name array,
find the actual number of aliases before allocating memory, and
skip the category alias rules if there are no aliases.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2: Add "__attribute__((unused))" to unused parameters as suggested by
    Nicolas Iooss

 libsepol/src/kernel_to_cil.c | 59 ++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 30 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index b84da3e5..36c6c682 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -886,6 +886,17 @@ exit:
 	return rc;
 }
 
+static int map_count_category_aliases(__attribute__((unused)) char *key, void *data, void *args)
+{
+	cat_datum_t *cat = data;
+	unsigned *count = args;
+
+	if (cat->isalias)
+		(*count)++;
+
+	return SEPOL_OK;
+}
+
 static int map_category_aliases_to_strs(char *key, void *data, void *args)
 {
 	cat_datum_t *cat = data;
@@ -903,26 +914,13 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
 {
 	cat_datum_t *cat;
 	char *prev, *name, *actual;
-	struct strs *strs;
-	unsigned i, num;
+	struct strs *strs = NULL;
+	unsigned i, num = 0;
 	int rc = 0;
 
-	rc = strs_init(&strs, pdb->p_levels.nprim);
-	if (rc != 0) {
-		goto exit;
-	}
-
 	/* categories */
 	for (i=0; i < pdb->p_cats.nprim; i++) {
 		name = pdb->p_cat_val_to_name[i];
-		if (!name) continue;
-		cat = hashtab_search(pdb->p_cats.table, name);
-		if (!cat) {
-			rc = -1;
-			goto exit;
-		}
-		if (cat->isalias) continue;
-
 		sepol_printf(out, "(category %s)\n", name);
 	}
 
@@ -931,14 +929,6 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
 	prev = NULL;
 	for (i=0; i < pdb->p_cats.nprim; i++) {
 		name = pdb->p_cat_val_to_name[i];
-		if (!name) continue;
-		cat = hashtab_search(pdb->p_cats.table, name);
-		if (!cat) {
-			rc = -1;
-			goto exit;
-		}
-		if (cat->isalias) continue;
-
 		if (prev) {
 			sepol_printf(out, "%s ", prev);
 		}
@@ -949,6 +939,22 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
 	}
 	sepol_printf(out, "))\n");
 
+	rc = hashtab_map(pdb->p_cats.table, map_count_category_aliases, &num);
+	if (rc != 0) {
+		goto exit;
+	}
+
+	if (num == 0) {
+		/* No aliases, so skip category alias rules */
+		rc = 0;
+		goto exit;
+	}
+
+	rc = strs_init(&strs, num);
+	if (rc != 0) {
+		goto exit;
+	}
+
 	rc = hashtab_map(pdb->p_cats.table, map_category_aliases_to_strs, strs);
 	if (rc != 0) {
 		goto exit;
@@ -956,16 +962,9 @@ static int write_category_rules_to_cil(FILE *out, struct policydb *pdb)
 
 	strs_sort(strs);
 
-	num = strs_num_items(strs);
-
 	/* category aliases */
 	for (i=0; i < num; i++) {
 		name = strs_read_at_index(strs, i);
-		cat = hashtab_search(pdb->p_cats.table, name);
-		if (!cat) {
-			rc = -1;
-			goto exit;
-		}
 		sepol_printf(out, "(categoryalias %s)\n", name);
 	}
 
-- 
2.25.4

Re: [PATCH v2 3/3] libsepol: Improve writing CIL category rules

[Stephen Smalley]

On Fri, May 22, 2020 at 10:58 AM James Carter <jwcart2@gmail.com> wrote:
>
> Improves writing of CIL category rules when converting MLS kernel
> policy to CIL. No changes to functionality, but eliminate useless
> checks for category aliases when using the p_cat_val_to_name array,
> find the actual number of aliases before allocating memory, and
> skip the category alias rules if there are no aliases.
>
> Signed-off-by: James Carter <jwcart2@gmail.com>

This series looks fine to me but do you have a test case that exercises it?

Re: [PATCH v2 3/3] libsepol: Improve writing CIL category rules

[James Carter]

[-- Attachment #1: Type: text/plain, Size: 660 bytes --]

On Wed, May 27, 2020 at 12:44 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Fri, May 22, 2020 at 10:58 AM James Carter <jwcart2@gmail.com> wrote:
> >
> > Improves writing of CIL category rules when converting MLS kernel
> > policy to CIL. No changes to functionality, but eliminate useless
> > checks for category aliases when using the p_cat_val_to_name array,
> > find the actual number of aliases before allocating memory, and
> > skip the category alias rules if there are no aliases.
> >
> > Signed-off-by: James Carter <jwcart2@gmail.com>
>
> This series looks fine to me but do you have a test case that exercises it?

See attached.

[-- Attachment #2: alias.cil --]
[-- Type: application/vnd.ms-artgalry, Size: 978 bytes --]

[-- Attachment #3: test_cil_alias.sh --]
[-- Type: application/x-shellscript, Size: 414 bytes --]

Re: [PATCH v2 3/3] libsepol: Improve writing CIL category rules

[Stephen Smalley]

On Wed, May 27, 2020 at 1:20 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, May 27, 2020 at 12:44 PM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > On Fri, May 22, 2020 at 10:58 AM James Carter <jwcart2@gmail.com> wrote:
> > >
> > > Improves writing of CIL category rules when converting MLS kernel
> > > policy to CIL. No changes to functionality, but eliminate useless
> > > checks for category aliases when using the p_cat_val_to_name array,
> > > find the actual number of aliases before allocating memory, and
> > > skip the category alias rules if there are no aliases.
> > >
> > > Signed-off-by: James Carter <jwcart2@gmail.com>
> >
> > This series looks fine to me but do you have a test case that exercises it?
>
> See attached.

Ok we should likely try to move some of these out of tree tests into
the set of tests exercised by
make test in libsepol or checkpolicy or secilc and thereby get them
regression tested by travis-ci.

Regardless, for this series,
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Re: [PATCH v2 3/3] libsepol: Improve writing CIL category rules

[Stephen Smalley]

On Wed, May 27, 2020 at 3:23 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Wed, May 27, 2020 at 1:20 PM James Carter <jwcart2@gmail.com> wrote:
> >
> > On Wed, May 27, 2020 at 12:44 PM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > >
> > > On Fri, May 22, 2020 at 10:58 AM James Carter <jwcart2@gmail.com> wrote:
> > > >
> > > > Improves writing of CIL category rules when converting MLS kernel
> > > > policy to CIL. No changes to functionality, but eliminate useless
> > > > checks for category aliases when using the p_cat_val_to_name array,
> > > > find the actual number of aliases before allocating memory, and
> > > > skip the category alias rules if there are no aliases.
> > > >
> > > > Signed-off-by: James Carter <jwcart2@gmail.com>
> > >
> > > This series looks fine to me but do you have a test case that exercises it?
> >
> > See attached.
>
> Ok we should likely try to move some of these out of tree tests into
> the set of tests exercised by
> make test in libsepol or checkpolicy or secilc and thereby get them
> regression tested by travis-ci.
>
> Regardless, for this series,
> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>

Applied.