SELinux-Refpolicy Archive on lore.kernel.org
 help / Atom feed
* connected_stream_socket_perms
@ 2019-01-10 10:51 Russell Coker
  2019-01-11  1:23 ` connected_stream_socket_perms Chris PeBenito
  0 siblings, 1 reply; 3+ messages in thread
From: Russell Coker @ 2019-01-10 10:51 UTC (permalink / raw)
  To: selinux-refpolicy

define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind 
connect getopt setopt shutdown }')

define(`connected_socket_perms', `{ create ioctl read getattr write setattr 
append bind getopt setopt shutdown }')

The difference between these 2 is that connected_socket_perms includes create 
while rw_socket_perms has connect.  Why doesn't rw_socket_perms have create?  
Or if we are saying "rw_socket_perms only means reading and writing" then why 
does it have connect?

Does this all make sense?

I expect that a lot of policy has been written based on using whichever of 
those macros seems to match an audit2allow rule and vaguely match the concept 
of what someone imagines the program in question is doing.

Would it make sense to have another macro defined to { ioctl read getattr write 
setattr append bind getopt setopt shutdown } so that there can be a more 
obvious progression of which macro is a superset of which other macro?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/




^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: connected_stream_socket_perms
  2019-01-10 10:51 connected_stream_socket_perms Russell Coker
@ 2019-01-11  1:23 ` Chris PeBenito
  2019-01-11  3:22   ` connected_stream_socket_perms Russell Coker
  0 siblings, 1 reply; 3+ messages in thread
From: Chris PeBenito @ 2019-01-11  1:23 UTC (permalink / raw)
  To: Russell Coker, selinux-refpolicy

On 1/10/19 5:51 AM, Russell Coker wrote:
> define(`rw_socket_perms', `{ ioctl read getattr write setattr append bind
> connect getopt setopt shutdown }')
> 
> define(`connected_socket_perms', `{ create ioctl read getattr write setattr
> append bind getopt setopt shutdown }')
> 
> The difference between these 2 is that connected_socket_perms includes create
> while rw_socket_perms has connect.  Why doesn't rw_socket_perms have create?
> Or if we are saying "rw_socket_perms only means reading and writing" then why
> does it have connect?
> 
> Does this all make sense?
> 
> I expect that a lot of policy has been written based on using whichever of
> those macros seems to match an audit2allow rule and vaguely match the concept
> of what someone imagines the program in question is doing.
> 
> Would it make sense to have another macro defined to { ioctl read getattr write
> setattr append bind getopt setopt shutdown } so that there can be a more
> obvious progression of which macro is a superset of which other macro?

Those lines are ancient (2005).  I'm open to reveisions.  I'm definitely 
eager for better clarity and consistency.

-- 
Chris PeBenito

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: connected_stream_socket_perms
  2019-01-11  1:23 ` connected_stream_socket_perms Chris PeBenito
@ 2019-01-11  3:22   ` Russell Coker
  0 siblings, 0 replies; 3+ messages in thread
From: Russell Coker @ 2019-01-11  3:22 UTC (permalink / raw)
  To: Chris PeBenito, selinux-refpolicy

I don't even know where to start with this. What are the aims here? What access is reasonable and necessary?

The one assumption I think we can start from is that current policy is not a good guide to what is required. Probably all current policy is bad in this regard.

On 11 January 2019 12:23:21 pm AEDT, Chris PeBenito <pebenito@ieee.org> wrote:
>On 1/10/19 5:51 AM, Russell Coker wrote:
>> define(`rw_socket_perms', `{ ioctl read getattr write setattr append
>bind
>> connect getopt setopt shutdown }')
>> 
>> define(`connected_socket_perms', `{ create ioctl read getattr write
>setattr
>> append bind getopt setopt shutdown }')
>> 
>> The difference between these 2 is that connected_socket_perms
>includes create
>> while rw_socket_perms has connect.  Why doesn't rw_socket_perms have
>create?
>> Or if we are saying "rw_socket_perms only means reading and writing"
>then why
>> does it have connect?
>> 
>> Does this all make sense?
>> 
>> I expect that a lot of policy has been written based on using
>whichever of
>> those macros seems to match an audit2allow rule and vaguely match the
>concept
>> of what someone imagines the program in question is doing.
>> 
>> Would it make sense to have another macro defined to { ioctl read
>getattr write
>> setattr append bind getopt setopt shutdown } so that there can be a
>more
>> obvious progression of which macro is a superset of which other
>macro?
>
>Those lines are ancient (2005).  I'm open to reveisions.  I'm
>definitely 
>eager for better clarity and consistency.

-- 
Sent from my Huawei Mate 9 with K-9 Mail.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-10 10:51 connected_stream_socket_perms Russell Coker
2019-01-11  1:23 ` connected_stream_socket_perms Chris PeBenito
2019-01-11  3:22   ` connected_stream_socket_perms Russell Coker

SELinux-Refpolicy Archive on lore.kernel.org

Archives are clonable: git clone --mirror https://lore.kernel.org/selinux-refpolicy/0 selinux-refpolicy/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux-refpolicy selinux-refpolicy/ https://lore.kernel.org/selinux-refpolicy \
		selinux-refpolicy@vger.kernel.org selinux-refpolicy@archiver.kernel.org
	public-inbox-index selinux-refpolicy


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux-refpolicy


AGPL code for this site: git clone https://public-inbox.org/ public-inbox