From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S638213AbdD1QeJ (ORCPT ); Fri, 28 Apr 2017 12:34:09 -0400 Received: from smtp.nsa.gov ([8.44.101.9]:32524 "EHLO emsm-gh1-uea11.nsa.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1424128AbdD1QeB (ORCPT ); Fri, 28 Apr 2017 12:34:01 -0400 X-IronPort-AV: E=Sophos;i="5.37,388,1488844800"; d="scan'208";a="5317309" IronPort-PHdr: =?us-ascii?q?9a23=3ACH4DhRa2g7MthnaKStYu57L/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZps+6Yx7h7PlgxGXEQZ/co6odzbGH7ea8CSdZuc/JmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYdFRrlKAV6?= =?us-ascii?q?OPn+FJLMgMSrzeCy/IDYbxlViDanb75/KBS7oR/eu8QVjoduN7o9xgbUqXZUZu?= =?us-ascii?q?pawn9lK0iOlBjm/Mew+5Bj8yVUu/0/8sNLTLv3caclQ7FGFToqK2866tHluhnF?= =?us-ascii?q?VguP+2ATUn4KnRpSAgjK9w/1U5HsuSbnrOV92S2aPcrrTbAoXDmp8qlmRAP0hC?= =?us-ascii?q?oBKjU063/chNBug61HoRKhvx1/zJDSYIGJL/p1Y6fRccoHSWZdQspdUipMDY2m?= =?us-ascii?q?b4sLEuEPI+BWoYfgrFcKtBeyGxWgCObpxzRVhHH5wLc63vwiHw/b3AIuAdwAv3?= =?us-ascii?q?barNXyKKgcVu+6wqbTwDXfbP5bwyvx5ZLUfh0jp/yHQLJ+cdDWyUkqDw7Lk0mQ?= =?us-ascii?q?ppL9PzOVyOsNtXWQ4fdlVe21j24nrx9+oziyzcorkYnGm5kVx0vY9SR53Ik1Jd?= =?us-ascii?q?q4RFR9Yd6/CpRcrS6aN4xoQs47RWxjpSU0yqUetJKmcyUHx44ryh7CZ/CdbYSF?= =?us-ascii?q?7QzvWPyMLTp+mXlrYqiwhwyo/kil0uD8U86030tUoSddidnMs2wN1wTU6siaVv?= =?us-ascii?q?tx5keh1iiL1wDU8uxEPVo7lbDaK5482b48jIYTsETfES/2n0X6lqmWeVk/+ue0?= =?us-ascii?q?8ejnZ7TmppuEO491jAHxLLgul9SiDek3PQUCRWiW9fmm2LH98kD1Xq9GguAunq?= =?us-ascii?q?ncqp/aJMAbpqCjAw9S14Yu8w2/ACq90NkDgXkGLE5KeBKAj4TzPVHOO+r3Ae2w?= =?us-ascii?q?g1Srjjdn3+rGMaH5ApXRMnjDl6/sfa1m5E5ByQoz1stf55VSCrwaPf38R0nxuM?= =?us-ascii?q?bEAR8+Ngy+2/znB8ll1oMCRWKPBbeUP77Ivl+O5+IgPe2MZI0OtTb4Nfcl4/ru?= =?us-ascii?q?gmU/mV8acqilx4cYaHe9Hv5+OUWWfWLsgssdEWcNpgc+VPbliECGUTNIf3a9Rb?= =?us-ascii?q?885jUiBIKjCofDQZqtj6Kb0CinGZ1WY3hMCkqQHnfwa4WER/AMZTqMLc95iDME?= =?us-ascii?q?T7mhS5Q62BG2rgD60btnLvHM+i0cr53syMZ66/fUlREo+jx+F96d3H2VT2Fogm?= =?us-ascii?q?MIQCc73KJlrkx41FiDyrJ0g/hCGdxW4PNJSB06NZ/Hz+FhDNDyQBjOccuNSFm4?= =?us-ascii?q?WNmpHTYxTtcpyd8Uf0l9A8mijgzE3yeyGL8aiaaLBJMq/a/H33j+PcJ9y3LG1a?= =?us-ascii?q?knlVUpXsxPNWi+jK5l6wfTH5LJk1mel6uycaQc3SjN9HqMzGaXv0FXThRwUaPb?= =?us-ascii?q?UnAbfUbWs9v56V3YT7O0CrQoLBFBycicJatOcNHpik9GRPj7MtTEf22xg3uwBQ?= =?us-ascii?q?qPxr6UaIrqemMd3DjSCUQdiAAc42qJNRUkBiegv2LfDCViFVfoY0zx7Ol+rG20?= =?us-ascii?q?Q1QqzwGFcUJhzaC5+h0LivyGTfMcwLYEtD0mqzVuE1a3x8jWBMaYpwp9YKVcZs?= =?us-ascii?q?sw4Exc2mLEtgx9JYegL6dkhlIEbgt4okXu2g54CoVFi8cqrXcqwBBuJqKf1VMS?= =?us-ascii?q?Pw+fiKv9MLTMNmj/+liFdq/NwVbYmIKN8LoO8+8/rRPvsAeBGU8r8nEh2N5QhS?= =?us-ascii?q?iy/JLPWTEOXIrxX0B/zB1zo7XXc2Fp/I/P/WF9Oqmz9DnZ0pQmA/VzmUXoRMtW?= =?us-ascii?q?LK7RTFy6KMYdHcX7bbVww1U=3D?= X-IPAS-Result: =?us-ascii?q?A2EMAwDLbQNZ/wHyM5BeGwEBAQMBAQEJAQEBFgEBAQMBAQE?= =?us-ascii?q?JAQEBgwEpgW2DaJozAQEBAQEBBoEml3yGJAKENlcBAQEBAQEBAQIBAmgogjMiA?= =?us-ascii?q?YJAAQUjDwFGEAsNAQoCAiYCAlcGE4gIggoNryGCJiYCimEBAQEBAQUBAQEBASO?= =?us-ascii?q?BC4UOhT6EX4MGgl8FnVGTDoICiRCGTJAPJYN1WIEKJQkCHggfD4U0HYF/JDWHb?= =?us-ascii?q?AEBAQ?= Message-ID: <1493397487.6177.10.camel@tycho.nsa.gov> Subject: Re: [PATCH 2/3] selinux: add checksum to policydb From: Stephen Smalley To: Sebastien Buisson Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, selinux@tycho.nsa.gov, serge@hallyn.com, james.l.morris@oracle.com, Eric Paris , Paul Moore , Daniel Jurgens , Sebastien Buisson Date: Fri, 28 Apr 2017 12:38:07 -0400 In-Reply-To: References: <1493218936-18522-1-git-send-email-sbuisson@ddn.com> <1493218936-18522-2-git-send-email-sbuisson@ddn.com> <1493231426.32540.11.camel@tycho.nsa.gov> <1493306283.2524.17.camel@tycho.nsa.gov> <1493318826.2524.21.camel@tycho.nsa.gov> <1493394641.6177.8.camel@tycho.nsa.gov> Organization: National Security Agency Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.22.6 (3.22.6-2.fc25) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 2017-04-28 at 18:08 +0200, Sebastien Buisson wrote: > 2017-04-28 17:50 GMT+02:00 Stephen Smalley : > > You seem to be conflating kernel policy with userspace policy. > > security_load_policy() is provided with the kernel policy image, > > which > > is the result of linking the kernel-relevant portions of all policy > > modules together. A hash of that image will change if you insert a > > policy module that affects the kernel policy in any way.  But a > > change > > that only affects userspace policy isn't ever going to be reflected > > in > > the kernel.  It doesn't matter where or when you compute your > > checksum > > within the kernel; it isn't ever going to reflect those userspace > > policy changes. > > Here is the content of the module is used for my tests: > > #============= user_t ============== > allow user_t mnt_t:dir { write add_name }; > allow user_t mnt_t:file { write create }; > > After loading the .pp corresponding to it, I can see that with the > method of computing the checksum on the (data, len) pair on entry to > security_load_policy(), the checksum does not change. However, when > using the (data, len) pair got from > security_read_policy(), the checksum changes. And when I remove the > module, the checksum is back to its previous value. > So this is what makes me think there is a difference. Am I missing > something? Policy is loaded via security_load_policy(), so the policy image has to go through it in the first place to be loaded (ignoring kernel exploits or direct /dev/mem access). You couldn't have loaded the modified policy with your new rules without the modified policy getting processed by security_load_policy(). So I'm assuming there is a bug in your code or your testing.