* [ SEPOL ] Check if policy file is MLS enabled
@ 2005-11-23 11:30 Ivan Gyurdiev
  2005-11-23 13:15 ` Joshua Brindle
  0 siblings, 1 reply; 8+ messages in thread
From: Ivan Gyurdiev @ 2005-11-23 11:30 UTC (permalink / raw)
  To: selinux, Stephen Smalley

[-- Attachment #1: Type: text/plain, Size: 1 bytes --]



[-- Attachment #2: libsepol.mls_enabled.diff --]
[-- Type: text/x-patch, Size: 3558 bytes --]

diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/include/sepol/policydb.h new/libsepol/include/sepol/policydb.h
--- old/libsepol/include/sepol/policydb.h	2005-10-18 10:08:39.000000000 -0400
+++ new/libsepol/include/sepol/policydb.h	2005-11-23 05:54:09.000000000 -0500
@@ -53,6 +53,14 @@ extern void sepol_policy_file_set_fp(sep
 extern void sepol_policy_file_set_handle(sepol_policy_file_t *pf,
 					 sepol_handle_t *handle);
 
+/*
+ * Check if the policy file enables MLS
+ */
+
+extern int sepol_policy_file_mls_enabled(
+	sepol_policy_file_t* spf,
+	int* mls_enabled);
+
 /* Policydb public interfaces. */
 
 /* Create and free memory associated with a policydb. */
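Review bot: The comment on the new `sepol_policy_file_mls_enabled` declaration says what it checks but not the contract a caller needs: what is written to `*mls_enabled`, what the return value means, and that the call reads the policy file header and so advances the file. Based on the implementation in the later hunk, a comment such as `/* Check if the policy file enables MLS. Sets *mls_enabled to 1 or 0 and returns STATUS_SUCCESS; returns STATUS_ERR on a truncated file or an unrecognised magic number. Reads and consumes the file header. */` would state that, expressed in whatever return-value terms the public header already uses elsewhere. Whether the same sepol_policy_file_t can afterwards be passed to the full policy reader is not visible here and should be stated once known. The declarator style `sepol_policy_file_t* spf` also departs from the `sepol_policy_file_t *pf` form used in the set_handle prototype just above.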
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/src/policydb_public.c new/libsepol/src/policydb_public.c
--- old/libsepol/src/policydb_public.c	2005-11-01 17:32:59.000000000 -0500
+++ new/libsepol/src/policydb_public.c	2005-11-23 05:57:42.000000000 -0500
@@ -1,6 +1,8 @@
 #include <stdlib.h>
 
+#include "handle.h"
 #include "debug.h"
+#include "private.h"
 #include <sepol/policydb/policydb.h>
 #include "policydb_internal.h"
 
@@ -60,6 +62,64 @@ void sepol_policy_file_free(sepol_policy
 	free(pf);
 }
 
+int sepol_policy_file_mls_enabled(
+	sepol_policy_file_t* spf,
+        int* mls_enabled)  {
+
+	sepol_handle_t* handle = spf->pf.handle;
+	struct policy_file* pf = &spf->pf;
+	unsigned int policy_type;
+	uint32_t *buf;
+
+	/**
+	 * 4 bytes magic
+	 * 4 bytes ID length x
+	 * x bytes ID string
+	 * (modules only): 4 bytes module type
+	 * 4 bytes policy version
+	 * 4 bytes mls status */
+
+	/* Magic, ID length */
+	if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
+		goto err;
+
+	/* Check policy type */
+	buf[0] = le32_to_cpu(buf[0]);
+	if (buf[0] == POLICYDB_MAGIC)
+		policy_type = POLICY_KERN;
+        else if (buf[0] == POLICYDB_MOD_MAGIC)
+		policy_type = POLICY_MOD;
+        else {
+                ERR(handle, "policydb magic number %#08x does not "
+			"match expected magic number %#08x or %#08x",
+			buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
+		return STATUS_ERR;
+	}
+
+	/* Skip ID string */
+	buf[1] = le32_to_cpu(buf[1]);
+	if (!next_entry(pf, buf[1]))
+		goto err;
+
+	/* Skip module type */
+	if (policy_type == POLICY_MOD &&
+		!next_entry(pf, sizeof(uint32_t)))
+		goto err;
+
+	/* Skip policy version */
+	if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
+		goto err;
+
+	/* Is MLS enabled? */
+	buf[1] = le32_to_cpu(buf[1]);
+	*mls_enabled = (buf[1] & POLICYDB_CONFIG_MLS)? 1:0;
+	return STATUS_SUCCESS;
+
+	err:
+	ERR(handle, "truncated policy file - could not check MLS status");
+	return STATUS_ERR;
+}
+
 /* Policydb interfaces. */
 
 int sepol_policydb_create(sepol_policydb_t **sp)
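Review bot: The identifier length passed to `next_entry(pf, buf[1])` is a 32-bit word taken straight from the policy file and honoured without any bound, and whether next_entry itself rejects an oversized request is not visible in this hunk. A policy file is untrusted input to this parser, and policydb_read checks that length against the expected identifier (POLICYDB_STRING / POLICYDB_MOD_STRING) and compares the string itself before going further; this partial parser should do the same so a file with a valid magic but a bogus identifier is rejected before its length is used. Declaring `const char *expected_id;` and `uint32_t id_len;` next to `buf` and replacing the ID-skip block as below does that; strlen/memcmp need <string.h>, which the include hunk above does not show. Smaller points: the comment `/* Skip policy version */` sits on the read that also fetches the config word tested two lines later, the else branches and the ERR call mix spaces with the file's tabs, and `sepol_policy_file_t* spf` departs from the `sepol_policy_file_t *pf` declarator style used elsewhere in the file.
```c
	/* … unchanged: handle/pf setup, magic read and policy_type selection … */

	/* The ID length word comes from the file, so bound it by the identifier
	 * the policy type implies and check the string, as the full reader does,
	 * before asking next_entry for that many bytes. */
	expected_id = (policy_type == POLICY_KERN) ? POLICYDB_STRING : POLICYDB_MOD_STRING;
	id_len = le32_to_cpu(buf[1]);
	if (id_len != strlen(expected_id))
		goto err;
	if (!(buf = next_entry(pf, id_len)))
		goto err;
	if (memcmp(buf, expected_id, id_len) != 0) {
		ERR(handle, "policydb string does not match expected identifier");
		return STATUS_ERR;
	}

	/* … unchanged: module type skip … */

	/* Policy version and config word are read together; only the config word is used */
	if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
		goto err;

	/* … unchanged: MLS bit test, return, err label … */
```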
diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/src/user_record.c new/libsepol/src/user_record.c
--- old/libsepol/src/user_record.c	2005-11-19 00:51:25.000000000 -0500
+++ new/libsepol/src/user_record.c	2005-11-23 05:58:22.000000000 -0500
@@ -271,7 +271,7 @@ int sepol_user_get_roles(
 hidden_def(sepol_user_get_roles)
 
 void sepol_user_del_role(
-	sepol_handle_t* handle,	
+	sepol_handle_t* handle,
 	sepol_user_t* user, 
 	const char* role) {
 


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-23 11:30 [ SEPOL ] Check if policy file is MLS enabled Ivan Gyurdiev
@ 2005-11-23 13:15 ` Joshua Brindle
  2005-11-23 13:48   ` Ivan Gyurdiev
  0 siblings, 1 reply; 8+ messages in thread
From: Joshua Brindle @ 2005-11-23 13:15 UTC (permalink / raw)
  To: Ivan Gyurdiev; +Cc: selinux, Stephen Smalley

A much better way to do this would be to extract the header reading from 
policydb_read and make a helper function that does it. You will still be 
able to do a partial parse of the binary but only 1 function will have 
to be changed when a format change happens.


Ivan Gyurdiev wrote:
> 
> 
> ------------------------------------------------------------------------
> 
> diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/include/sepol/policydb.h new/libsepol/include/sepol/policydb.h
> --- old/libsepol/include/sepol/policydb.h	2005-10-18 10:08:39.000000000 -0400
> +++ new/libsepol/include/sepol/policydb.h	2005-11-23 05:54:09.000000000 -0500
> @@ -53,6 +53,14 @@ extern void sepol_policy_file_set_fp(sep
>  extern void sepol_policy_file_set_handle(sepol_policy_file_t *pf,
>  					 sepol_handle_t *handle);
>  
> +/*
> + * Check if the policy file enables MLS
> + */
> +
> +extern int sepol_policy_file_mls_enabled(
> +	sepol_policy_file_t* spf,
> +	int* mls_enabled);
> +
>  /* Policydb public interfaces. */
>  
>  /* Create and free memory associated with a policydb. */
> diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/src/policydb_public.c new/libsepol/src/policydb_public.c
> --- old/libsepol/src/policydb_public.c	2005-11-01 17:32:59.000000000 -0500
> +++ new/libsepol/src/policydb_public.c	2005-11-23 05:57:42.000000000 -0500
> @@ -1,6 +1,8 @@
>  #include <stdlib.h>
>  
> +#include "handle.h"
>  #include "debug.h"
> +#include "private.h"
>  #include <sepol/policydb/policydb.h>
>  #include "policydb_internal.h"
>  
> @@ -60,6 +62,64 @@ void sepol_policy_file_free(sepol_policy
>  	free(pf);
>  }
>  
> +int sepol_policy_file_mls_enabled(
> +	sepol_policy_file_t* spf,
> +        int* mls_enabled)  {
> +
> +	sepol_handle_t* handle = spf->pf.handle;
> +	struct policy_file* pf = &spf->pf;
> +	unsigned int policy_type;
> +	uint32_t *buf;
> +
> +	/**
> +	 * 4 bytes magic
> +	 * 4 bytes ID length x
> +	 * x bytes ID string
> +	 * (modules only): 4 bytes module type
> +	 * 4 bytes policy version
> +	 * 4 bytes mls status */
> +
> +	/* Magic, ID length */
> +	if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
> +		goto err;
> +
> +	/* Check policy type */
> +	buf[0] = le32_to_cpu(buf[0]);
> +	if (buf[0] == POLICYDB_MAGIC)
> +		policy_type = POLICY_KERN;
> +        else if (buf[0] == POLICYDB_MOD_MAGIC)
> +		policy_type = POLICY_MOD;
> +        else {
> +                ERR(handle, "policydb magic number %#08x does not "
> +			"match expected magic number %#08x or %#08x",
> +			buf[0], POLICYDB_MAGIC, POLICYDB_MOD_MAGIC);
> +		return STATUS_ERR;
> +	}
> +
> +	/* Skip ID string */
> +	buf[1] = le32_to_cpu(buf[1]);
> +	if (!next_entry(pf, buf[1]))
> +		goto err;
> +
> +	/* Skip module type */
> +	if (policy_type == POLICY_MOD &&
> +		!next_entry(pf, sizeof(uint32_t)))
> +		goto err;
> +
> +	/* Skip policy version */
> +	if (!(buf = next_entry(pf, sizeof(uint32_t)*2)))
> +		goto err;
> +
> +	/* Is MLS enabled? */
> +	buf[1] = le32_to_cpu(buf[1]);
> +	*mls_enabled = (buf[1] & POLICYDB_CONFIG_MLS)? 1:0;
> +	return STATUS_SUCCESS;
> +
> +	err:
> +	ERR(handle, "truncated policy file - could not check MLS status");
> +	return STATUS_ERR;
> +}
> +
>  /* Policydb interfaces. */
>  
>  int sepol_policydb_create(sepol_policydb_t **sp)
> diff -Naurp --exclude CVS --exclude ChangeLog --exclude VERSION --exclude policycoreutils --exclude libsemanage --exclude 'booleans_kernel.*' --exclude 'database_pserver.*' old/libsepol/src/user_record.c new/libsepol/src/user_record.c
> --- old/libsepol/src/user_record.c	2005-11-19 00:51:25.000000000 -0500
> +++ new/libsepol/src/user_record.c	2005-11-23 05:58:22.000000000 -0500
> @@ -271,7 +271,7 @@ int sepol_user_get_roles(
>  hidden_def(sepol_user_get_roles)
>  
>  void sepol_user_del_role(
> -	sepol_handle_t* handle,	
> +	sepol_handle_t* handle,
>  	sepol_user_t* user, 
>  	const char* role) {
>  


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-23 13:15 ` Joshua Brindle
@ 2005-11-23 13:48   ` Ivan Gyurdiev
  2005-11-28 19:28     ` Stephen Smalley
  0 siblings, 1 reply; 8+ messages in thread
From: Ivan Gyurdiev @ 2005-11-23 13:48 UTC (permalink / raw)
  To: Joshua Brindle; +Cc: selinux, Stephen Smalley

Joshua Brindle wrote:
> A much better way to do this would be to extract the header reading 
> from policydb_read and make a helper function that does it. You will 
> still be able to do a partial parse of the binary but only 1 function 
> will have to be changed when a format change happens.
That's true.. will fix.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-23 13:48   ` Ivan Gyurdiev
@ 2005-11-28 19:28     ` Stephen Smalley
  2005-11-28 21:23       ` Ivan Gyurdiev
  0 siblings, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2005-11-28 19:28 UTC (permalink / raw)
  To: Ivan Gyurdiev; +Cc: Joshua Brindle, selinux

On Wed, 2005-11-23 at 08:48 -0500, Ivan Gyurdiev wrote:
> Joshua Brindle wrote:
> > A much better way to do this would be to extract the header reading 
> > from policydb_read and make a helper function that does it. You will 
> > still be able to do a partial parse of the binary but only 1 function 
> > will have to be changed when a format change happens.
> That's true.. will fix.

Another issue here (as noted off-list) is whether this should act on
a module/policy file directly or on a module package file.  The latter
seems more suitable for use by libsemanage, like the existing _info
interface.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-28 19:28     ` Stephen Smalley
@ 2005-11-28 21:23       ` Ivan Gyurdiev
  2005-11-29 13:34         ` Stephen Smalley
  2005-11-29 14:41         ` Stephen Smalley
  0 siblings, 2 replies; 8+ messages in thread
From: Ivan Gyurdiev @ 2005-11-28 21:23 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: Joshua Brindle, selinux


>>> A much better way to do this would be to extract the header reading 
>>> from policydb_read and make a helper function that does it. You will 
>>> still be able to do a partial parse of the binary but only 1 function 
>>> will have to be changed when a format change happens.
>>>       
>> That's true.. will fix.
>>     
>
> Other issue here (as noted off-list) is whether this should be acting on
> a module/policy file directly or on a module package file.  The latter
> seems more suitable for use by libsemanage, like the existing _info
> interface.
>
>   
We could put the fields that get_package_info returns into a structure, 
and add the mls status to those?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-28 21:23       ` Ivan Gyurdiev
@ 2005-11-29 13:34         ` Stephen Smalley
  2005-11-29 14:41         ` Stephen Smalley
  1 sibling, 0 replies; 8+ messages in thread
From: Stephen Smalley @ 2005-11-29 13:34 UTC (permalink / raw)
  To: Ivan Gyurdiev; +Cc: Joshua Brindle, selinux

On Mon, 2005-11-28 at 16:23 -0500, Ivan Gyurdiev wrote:
> We could put the fields that get_package_info returns into a structure, 
> and add the mls status to those?

I'd just add it as an extra argument to sepol_module_package_info, or
add a separate interface for it.  Structure doesn't really buy you
anything.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-28 21:23       ` Ivan Gyurdiev
  2005-11-29 13:34         ` Stephen Smalley
@ 2005-11-29 14:41         ` Stephen Smalley
  2005-11-29 14:45           ` Stephen Smalley
  1 sibling, 1 reply; 8+ messages in thread
From: Stephen Smalley @ 2005-11-29 14:41 UTC (permalink / raw)
  To: Ivan Gyurdiev; +Cc: Joshua Brindle, selinux

On Mon, 2005-11-28 at 16:23 -0500, Ivan Gyurdiev wrote:
> >>> A much better way to do this would be to extract the header reading 
> >>> from policydb_read and make a helper function that does it. You will 
> >>> still be able to do a partial parse of the binary but only 1 function 
> >>> will have to be changed when a format change happens.
> >>>       
> >> That's true.. will fix.
> >>     
> >
> > Other issue here (as noted off-list) is whether this should be acting on
> > a module/policy file directly or on a module package file.  The latter
> > seems more suitable for use by libsemanage, like the existing _info
> > interface.
> >
> >   
> We could put the fields that get_package_info returns into a structure, 
> and add the mls status to those?

Actually, given that the MLS-enabled code in libsemanage already
gracefully handles the case where the MLS range is omitted, why not just
remove the conditional altogether and avoid the need for this interface
in sepol?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: [ SEPOL ] Check if policy file is MLS enabled
  2005-11-29 14:41         ` Stephen Smalley
@ 2005-11-29 14:45           ` Stephen Smalley
  0 siblings, 0 replies; 8+ messages in thread
From: Stephen Smalley @ 2005-11-29 14:45 UTC (permalink / raw)
  To: Ivan Gyurdiev; +Cc: Joshua Brindle, selinux

On Tue, 2005-11-29 at 09:41 -0500, Stephen Smalley wrote:
> On Mon, 2005-11-28 at 16:23 -0500, Ivan Gyurdiev wrote:
> > >>> A much better way to do this would be to extract the header reading 
> > >>> from policydb_read and make a helper function that does it. You will 
> > >>> still be able to do a partial parse of the binary but only 1 function 
> > >>> will have to be changed when a format change happens.
> > >>>       
> > >> That's true.. will fix.
> > >>     
> > >
> > > Other issue here (as noted off-list) is whether this should be acting on
> > > a module/policy file directly or on a module package file.  The latter
> > > seems more suitable for use by libsemanage, like the existing _info
> > > interface.
> > >
> > >   
> > We could put the fields that get_package_info returns into a structure, 
> > and add the mls status to those?
> 
> Actually, given that the MLS-enabled code in libsemanage already
> gracefully handles the case where the MLS range is omitted, why not just
> remove the conditional altogether and avoid the need for this interface
> in sepol?

Patch below.

Index: libsemanage/src/seusers_file.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libsemanage/src/seusers_file.c,v
retrieving revision 1.10
diff -u -p -r1.10 seusers_file.c
--- libsemanage/src/seusers_file.c	7 Nov 2005 21:51:26 -0000	1.10
+++ libsemanage/src/seusers_file.c	29 Nov 2005 14:40:34 -0000
@@ -80,23 +80,21 @@ static int seuser_parse(
 	free(str);
 	str = NULL;
 
-	if (is_selinux_mls_enabled()) {
-		if (parse_skip_space(handle, info) < 0)
-			goto err;
-		if (parse_optional_ch(info, ':') == STATUS_NODATA)
-			goto out;
-		if (parse_skip_space(handle, info) < 0)
-			goto err;
-
-		/* NOTE: does not allow spaces/multiline */
-		if (parse_fetch_string(handle, info, &str, ' ') < 0)
-			goto err;
-
-		if (semanage_seuser_set_mlsrange(handle, seuser, str) <  0)
-			goto err;
-		free(str);
-		str = NULL;
-	}
+	if (parse_skip_space(handle, info) < 0)
+		goto err;
+	if (parse_optional_ch(info, ':') == STATUS_NODATA)
+		goto out;
+	if (parse_skip_space(handle, info) < 0)
+		goto err;
+
+	/* NOTE: does not allow spaces/multiline */
+	if (parse_fetch_string(handle, info, &str, ' ') < 0)
+		goto err;
+
+	if (semanage_seuser_set_mlsrange(handle, seuser, str) <  0)
+		goto err;
+	free(str);
+	str = NULL;
 
 	if (parse_assert_space(handle, info) < 0)
 		goto err; 
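Review bot: Dropping the `is_selinux_mls_enabled()` guard at the top of the hunk means the optional `:range` suffix is now parsed and stored on every system, and nothing in the code records why, so the next reader will be tempted to put the guard back; the users_file.c hunk below has the same gap around its `level`/`range` parsing. A comment placed before `if (parse_skip_space(handle, info) < 0)` such as `/* The MLS range is parsed regardless of whether the running kernel has MLS enabled: the file format is the same either way, and consumers cope with an absent range. */` would capture the rationale given in this thread. If `is_selinux_mls_enabled()` was the only libselinux call in these files, the corresponding include may now be unused, which is worth checking since the include block is outside the hunk. seuser_parse begins before this hunk and its `out`/`err` labels lie after it.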
Index: libsemanage/src/users_file.c
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/libsemanage/src/users_file.c,v
retrieving revision 1.19
diff -u -p -r1.19 users_file.c
--- libsemanage/src/users_file.c	7 Nov 2005 21:51:26 -0000	1.19
+++ libsemanage/src/users_file.c	29 Nov 2005 14:41:12 -0000
@@ -148,41 +148,38 @@ static int user_parse(
 	} while (islist);
 
 	/* Handle mls */
-	if (is_selinux_mls_enabled()) {
+	/* Parse level header */
+	if (parse_skip_space(handle, info) < 0)
+		goto err;
+	if (parse_optional_str(info, "level") == STATUS_NODATA)
+		goto semicolon;
+	if (parse_assert_space(handle, info) < 0)
+		goto err;
+
+	/* NOTE: does not allow spaces/multiline */
+	if (parse_fetch_string(handle, info, &str, ' ') < 0)
+		goto err;
+	if (semanage_user_set_mlslevel(handle, user, str) < 0)
+		goto err;
+	free(str);
+	str = NULL;
 
-		/* Parse level header */
-		if (parse_skip_space(handle, info) < 0)
-			goto err;
-		if (parse_optional_str(info, "level") == STATUS_NODATA)
-			goto semicolon;
-		if (parse_assert_space(handle, info) < 0)
-			goto err;
-
-		/* NOTE: does not allow spaces/multiline */
-		if (parse_fetch_string(handle, info, &str, ' ') < 0)
-			goto err;
-		if (semanage_user_set_mlslevel(handle, user, str) < 0)
-			goto err;
-		free(str);
-		str = NULL;
-
-		/* Parse range header */
-		if (parse_assert_space(handle, info) < 0)
-			goto err;
-		if (parse_assert_str(handle, info, "range") < 0)
-			goto err;
-		if (parse_assert_space(handle, info) < 0)
-			goto err;
-
-		/* NOTE: does not allow spaces/multiline */
-		if (parse_fetch_string(handle, info, &str, ';') < 0)
-			goto err;
-		if (semanage_user_set_mlsrange(handle, user, str) < 0)
-			goto err;
-
-		free(str);
-		str = NULL;
-	}
+	/* Parse range header */
+	if (parse_assert_space(handle, info) < 0)
+		goto err;
+	if (parse_assert_str(handle, info, "range") < 0)
+		goto err;
+	if (parse_assert_space(handle, info) < 0)
+		goto err;
+
+	/* NOTE: does not allow spaces/multiline */
+	if (parse_fetch_string(handle, info, &str, ';') < 0)
+		goto err;
+	if (semanage_user_set_mlsrange(handle, user, str) < 0)
+		goto err;
+
+	free(str);
+	str = NULL;
 
 	/* Check for semicolon */
 	semicolon:

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

