Date: Mon, 15 Sep 2003 07:03:43 -0700 (PDT) From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 38085 for review Message-ID: <200309151403.h8FE3hZx036936@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=38085 Change 38085 by areisse@areisse_tislabs on 2003/09/15 07:03:02 ss/avc from new selinux (2003-08-13 2.4) Affected files ... .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/checkpolicy.c#3 edit .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/checkpolicy.h#2 edit .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/policy_parse.y#3 edit .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/policy_scan.l#2 edit .. //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/write.c#1 add .. //depot/projects/trustedbsd/sebsd/sbin/sebsd_checkpolicy/Makefile#2 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc_ss.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask_types.h#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/linux-compat.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.c#19 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_labels.h#5 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscalls.h#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_sysctl.c#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.c#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/avtab.h#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/constraint.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/context.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/ebitmap.h#3 edit .. 
//depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/global.h#6 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/hashtab.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/init.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/mls_types.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/policydb.h#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/queue.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/security.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.c#5 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/services.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.c#6 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/sidtab.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.c#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/ss/symtab.h#3 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/checkpolicy.c#3 (text+ko) ==== @@ -65,7 +65,7 @@ char *txtfile = "policy.conf"; char *binfile = "policy"; -int avc_debug_always_allow = 0; +int selinux_enforcing = 1; int avc_ss_reset(__u32 seqno) { @@ -311,6 +311,7 @@ security_id_t ssid, tsid, *sids; security_context_t scontext; access_vector_t allowed, decided, auditallow, auditdeny; + struct av_decision avd; class_datum_t *cladatum; char ans[80 + 1], *perm, *file = txtfile, *outfile = NULL, *path, *fstype; unsigned int scontext_len, pathlen, seqno, i; 
@@ -483,10 +484,8 @@ printf("\nNo access vector definition for that class\n"); break; } - ret = security_compute_av(ssid, tsid, tclass, 0, - &allowed, &decided, - &auditallow, &auditdeny, - &seqno); + ret = security_compute_av(ssid, tsid, tclass, 0, &avd); + allowed = avd.allowed; switch (ret) { case 0: printf("\nallowed {"); @@ -506,22 +505,6 @@ } printf(" }\n"); - printf("audit-allowed {"); - for (i = 1; i <= sizeof(allowed) * 8; i++) { - if (auditallow & (((access_vector_t)1) << (i - 1))) { - perm = (char *) hashtab_map(cladatum->permissions.table, - find_perm, &i); - - if (!perm && cladatum->comdatum) { - perm = (char *) hashtab_map(cladatum->comdatum->permissions.table, - find_perm, &i); - } - if (perm) - printf(" %s", perm); - } - } - printf(" }\n"); - break; case -EINVAL: printf("\ninvalid sid\n"); @@ -701,8 +684,8 @@ ans[strlen(ans) - 1] = 0; security_fs_use(ans, &ret, &ssid); switch (ret) { - case SECURITY_FS_USE_PSID: - printf("use persistent label mapping\n"); + case SECURITY_FS_USE_XATTR: + printf("use extended attributes\n"); break; case SECURITY_FS_USE_TRANS: printf("use transition SIDs\n"); @@ -717,7 +700,7 @@ printf("no labeling support\n"); break; } - if (ret != SECURITY_FS_USE_PSID) + if (ret != SECURITY_FS_USE_XATTR) printf("sid %d\n", ssid); break; case 'd': ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/checkpolicy.h#2 (text+ko) ==== @@ -4,9 +4,9 @@ #include "ebitmap.h" typedef struct te_assert { - ebitmap_t stypes; - ebitmap_t ttypes; - ebitmap_t tclasses; + struct ebitmap stypes; + struct ebitmap ttypes; + struct ebitmap tclasses; int self; access_vector_t *avp; unsigned long line; 
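Review bot: `allowed = avd.allowed;` runs before `switch (ret)` inspects the result, so when security_compute_av() fails the code reads a field of `avd` that nothing visible has initialised (the declaration added in the -311,6 hunk is a plain `struct av_decision avd;`). `allowed` is only consumed under `case 0:`, so the copy belongs there, or the declaration could become `struct av_decision avd = {0};`. As far as these hunks show, `decided`, `auditallow` and `auditdeny` are left unused once the audit-allowed loop is gone and could be dropped from the declaration. The enclosing function begins and ends outside this hunk.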
@@ -15,4 +15,39 @@ te_assert_t *te_assertions; +typedef u_int64_t __u64; +typedef u_int32_t __u32; +typedef u_int16_t __u16; +typedef u_int8_t __u8; + +typedef struct ebitmap ebitmap_t; +typedef struct ebitmap_node ebitmap_node_t; +typedef struct avtab avtab_t; +typedef struct avtab_node *avtab_ptr_t; +typedef struct avtab_key avtab_key_t; +typedef struct avtab_datum avtab_datum_t; +typedef struct policydb policydb_t; +typedef struct role_datum role_datum_t; +typedef struct class_datum class_datum_t; +typedef struct common_datum common_datum_t; +typedef struct perm_datum perm_datum_t; +typedef struct type_datum type_datum_t; +typedef struct user_datum user_datum_t; +typedef struct constraint_expr constraint_expr_t; +typedef struct constraint_node constraint_node_t; +typedef struct context context_struct_t; +typedef struct context context_t; +typedef struct ocontext ocontext_t; +typedef struct genfs genfs_t; +typedef void *hashtab_key_t; +typedef void *hashtab_datum_t; + +#define HASHTAB_SUCCESS 0 +#define HASHTAB_OVERFLOW ENOMEM +#define HASHTAB_PRESENT EEXIST +#define HASHTAB_MISSING ENOENT + +#define TRUE 1 +#define FALSE 0 + #endif ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/policy_parse.y#3 (text+ko) ==== @@ -1,10 +1,6 @@ /* - * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> - * - * The policy compiler was originally written while I was employed by NSA, - * but I have implemented a number of extensions and revisions since - * joining NAI Labs. + * Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ /* FLASK */ @@ -17,13 +13,16 @@ #include <netinet/in.h> #include "linux-compat.h" #endif /* __FreeBSD__ */ -#include "flask.h" #include "policydb.h" #include "services.h" #include "queue.h" #include "checkpolicy.h" +#include "flask.h" #include "security.h" +#define TRUE 1 +#define FALSE 0 + policydb_t *policydbp; queue_t id_queue = 0; unsigned int pass; 
@@ -58,7 +57,7 @@ static int define_role_trans(void); static int define_role_allow(void); static int define_constraint(constraint_expr_t *expr); -static constraint_expr_t *define_cexpr(__u32 expr_type, __u32 arg1, __u32 arg2); +static constraint_expr_t *define_cexpr(__u32 expr_type, void *arg1, void* arg2); static int define_user(void); static int parse_security_context(context_struct_t *c); static int define_initial_sid_context(void); @@ -70,6 +69,14 @@ static int define_node_context(int addr, int mask); %} +%union { + int val; + void *ptr; +} + +%type <ptr> role_def roles cexpr cexpr_prim op roleop +%type <val> ipv4_addr_def number + %token PATH %token CLONE %token COMMON @@ -103,11 +110,12 @@ %token TARGET %token SAMEUSER %token FSCON PORTCON NETIFCON NODECON -%token FSUSEPSID FSUSETASK FSUSETRANS +%token FSUSEXATTR FSUSETASK FSUSETRANS %token GENFSCON %token U1 U2 R1 R2 T1 T2 %token NOT AND OR %token IDENTIFIER +%token USER_IDENTIFIER %token NUMBER %token EQUALS %token NOTEQUAL @@ -292,12 +300,12 @@ roles : role_def { $$ = $1; } | roles role_def - { $$ = (int) merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2); if ($$ == 0) return -1;} + { $$ = merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2); if ($$ == 0) return -1;} ; role_def : ROLE identifier_push ';' - {$$ = (int) define_role_dom(NULL); if ($$ == 0) return -1;} + {$$ = define_role_dom(NULL); if ($$ == 0) return -1;} | ROLE identifier_push '{' roles '}' - {$$ = (int) define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1;} + {$$ = define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1;} ; opt_constraints : constraints | 
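Review bot: The new prototype `define_cexpr(__u32 expr_type, void *arg1, void* arg2)` passes small integer codes through pointer-typed arguments, and the casts that go with it convert between an int and a pointer of different width on 64-bit targets: `(void*)CEXPR_USER` in the grammar hunk at -311,82 and `expr->attr = (__u32)arg1;` in the body hunk at -2523,50. The values survive, but the compiler will warn and the intent is hidden; going through `uintptr_t` makes the conversion explicit, e.g. `expr->attr = (__u32)(uintptr_t)arg1;` and `(void *)(uintptr_t)CEXPR_USER`. A comment on the prototype stating which `expr_type` values take expression pointers and which take integer codes would save the next reader from working it out from the grammar.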
@@ -311,82 +319,84 @@ cexpr : '(' cexpr ')' { $$ = $2; } | NOT cexpr - { $$ = (int) define_cexpr(CEXPR_NOT, $2, 0); + { $$ = define_cexpr(CEXPR_NOT, $2, 0); if ($$ == 0) return -1; } | cexpr AND cexpr - { $$ = (int) define_cexpr(CEXPR_AND, $1, $3); + { $$ = define_cexpr(CEXPR_AND, $1, $3); if ($$ == 0) return -1; } | cexpr OR cexpr - { $$ = (int) define_cexpr(CEXPR_OR, $1, $3); + { $$ = define_cexpr(CEXPR_OR, $1, $3); if ($$ == 0) return -1; } | cexpr_prim { $$ = $1; } ; cexpr_prim : U1 op U2 - { $$ = (int) define_cexpr(CEXPR_ATTR, CEXPR_USER, $2); + { $$ = define_cexpr(CEXPR_ATTR, (void*)CEXPR_USER, $2); if ($$ == 0) return -1; } | R1 roleop R2 - { $$ = (int) define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); + { $$ = define_cexpr(CEXPR_ATTR, (void*)CEXPR_ROLE, $2); if ($$ == 0) return -1; } | T1 op T2 - { $$ = (int) define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2); + { $$ = define_cexpr(CEXPR_ATTR, (void*)CEXPR_TYPE, $2); if ($$ == 0) return -1; } - | U1 op { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_USER, $2); + | U1 op { if (insert_separator(1)) return -1; } user_names_push + { $$ = define_cexpr(CEXPR_NAMES, (void*)CEXPR_USER, $2); if ($$ == 0) return -1; } - | U2 op { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_USER | CEXPR_TARGET, $2); + | U2 op { if (insert_separator(1)) return -1; } user_names_push + { $$ = define_cexpr(CEXPR_NAMES, (void*)(CEXPR_USER | CEXPR_TARGET), $2); if ($$ == 0) return -1; } | R1 op { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_ROLE, $2); + { $$ = define_cexpr(CEXPR_NAMES, (void*)CEXPR_ROLE, $2); if ($$ == 0) return -1; } | R2 op { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_ROLE | CEXPR_TARGET, $2); + { $$ = define_cexpr(CEXPR_NAMES, (void*)(CEXPR_ROLE | CEXPR_TARGET), $2); if ($$ == 0) return -1; } | T1 op { if (insert_separator(1)) return 
-1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_TYPE, $2); + { $$ = define_cexpr(CEXPR_NAMES, (void*)CEXPR_TYPE, $2); if ($$ == 0) return -1; } | T2 op { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_TYPE | CEXPR_TARGET, $2); + { $$ = define_cexpr(CEXPR_NAMES, (void*)(CEXPR_TYPE | CEXPR_TARGET), $2); if ($$ == 0) return -1; } - ; | SAMEUSER - { $$ = (int) define_cexpr(CEXPR_ATTR, CEXPR_USER, CEXPR_EQ); + { $$ = define_cexpr(CEXPR_ATTR, (void*)CEXPR_USER, (void*)CEXPR_EQ); if ($$ == 0) return -1; } | SOURCE ROLE { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_ROLE, CEXPR_EQ); + { $$ = define_cexpr(CEXPR_NAMES, (void*)CEXPR_ROLE, (void*)CEXPR_EQ); if ($$ == 0) return -1; } | TARGET ROLE { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_ROLE | CEXPR_TARGET, CEXPR_EQ); + { $$ = define_cexpr(CEXPR_NAMES, (void*)(CEXPR_ROLE | CEXPR_TARGET), (void*)CEXPR_EQ); if ($$ == 0) return -1; } | ROLE roleop - { $$ = (int) define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); + { $$ = define_cexpr(CEXPR_ATTR, (void*)CEXPR_ROLE, (void*)$2); if ($$ == 0) return -1; } | SOURCE TYPE { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_TYPE, CEXPR_EQ); + { $$ = define_cexpr(CEXPR_NAMES, (void*)CEXPR_TYPE, (void*)CEXPR_EQ); if ($$ == 0) return -1; } | TARGET TYPE { if (insert_separator(1)) return -1; } names_push - { $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_TYPE | CEXPR_TARGET, CEXPR_EQ); + { $$ = define_cexpr(CEXPR_NAMES, (void*)(CEXPR_TYPE | CEXPR_TARGET), (void*)CEXPR_EQ); if ($$ == 0) return -1; } ; op : EQUALS - { $$ = CEXPR_EQ; } + { $$ = (void*)CEXPR_EQ; } | NOTEQUAL - { $$ = CEXPR_NEQ; } + { $$ = (void*)CEXPR_NEQ; } ; roleop : op { $$ = $1; } | DOM - { $$ = CEXPR_DOM; } + { $$ = (void*)CEXPR_DOM; } | DOMBY - { $$ = CEXPR_DOMBY; } + { $$ = (void*)CEXPR_DOMBY; } | INCOMP - { $$ = 
CEXPR_INCOMP; } + { $$ = (void*)CEXPR_INCOMP; } ; users : user_def | users user_def ; -user_def : USER identifier ROLES names opt_user_ranges ';' +user_id : identifier + | user_identifier + ; +user_def : USER user_id ROLES names opt_user_ranges ';' {if (define_user()) return -1;} ; opt_user_ranges : RANGES user_ranges @@ -447,8 +457,8 @@ fs_uses : fs_use_def | fs_uses fs_use_def ; -fs_use_def : FSUSEPSID identifier ';' - {if (define_fs_use(SECURITY_FS_USE_PSID)) return -1;} +fs_use_def : FSUSEXATTR identifier security_context_def ';' + {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;} | FSUSETASK identifier security_context_def ';' {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;} | FSUSETRANS identifier security_context_def ';' @@ -479,7 +489,7 @@ $$ = addr; } ; -security_context_def : identifier ':' identifier ':' identifier opt_mls_range_def +security_context_def : user_id ':' identifier ':' identifier opt_mls_range_def ; opt_mls_range_def : ':' mls_range_def | @@ -545,6 +555,23 @@ identifier : IDENTIFIER { if (insert_id(yytext,0)) return -1; } ; +user_identifier : USER_IDENTIFIER + { if (insert_id(yytext,0)) return -1; } + ; +user_identifier_push : USER_IDENTIFIER + { if (insert_id(yytext, 1)) return -1; } + ; +user_identifier_list_push : user_identifier_push + | identifier_list_push user_identifier_push + | user_identifier_list_push identifier_push + | user_identifier_list_push user_identifier_push + ; +user_names_push : names_push + | user_identifier_push + | '{' user_identifier_list_push '}' + | tilde_push user_identifier_push + | tilde_push '{' user_identifier_list_push '}' + ; path : PATH { if (insert_id(yytext,0)) return -1; } ; @@ -1196,7 +1223,7 @@ free(id); continue; } - if (!ebitmap_set_bit(&levdatum->level->cat, catdatum->value - 1, TRUE)) { + if (ebitmap_set_bit(&levdatum->level->cat, catdatum->value - 1, TRUE)) { yyerror("out of memory"); free(id); free(levid); 
@@ -1538,19 +1565,19 @@ while ((id = queue_remove(id_queue))) { #ifdef CONFIG_SECURITY_SELINUX_MLS if (!strcmp(id, "mlstrustedreader")) { - if (!ebitmap_set_bit(&policydbp->trustedreaders, datum->value - 1, TRUE)) { + if (ebitmap_set_bit(&policydbp->trustedreaders, datum->value - 1, TRUE)) { yyerror("out of memory"); free(id); return -1; } } else if (!strcmp(id, "mlstrustedwriter")) { - if (!ebitmap_set_bit(&policydbp->trustedwriters, datum->value - 1, TRUE)) { + if (ebitmap_set_bit(&policydbp->trustedwriters, datum->value - 1, TRUE)) { yyerror("out of memory"); free(id); return -1; } } else if (!strcmp(id, "mlstrustedobject")) { - if (!ebitmap_set_bit(&policydbp->trustedobjects, datum->value - 1, TRUE)) { + if (ebitmap_set_bit(&policydbp->trustedobjects, datum->value - 1, TRUE)) { yyerror("out of memory"); free(id); return -1; @@ -1603,26 +1630,37 @@ return 0; } +struct val_to_name { + unsigned int val; + char *name; +}; static int type_val_to_name_helper(hashtab_key_t key, hashtab_datum_t datum, void *p) { - unsigned int value; type_datum_t *typdatum; + struct val_to_name *v = p; - value = (unsigned int) p; typdatum = (type_datum_t *) datum; - if (value == typdatum->value) - return (int) key; + if (v->val == typdatum->value) { + v->name = key; + return 1; + } return 0; } - static char *type_val_to_name(unsigned int val) { - return (char*) hashtab_map(policydbp->p_types.table, - type_val_to_name_helper, (void *)val); + struct val_to_name v; + int rc; + + v.val = val; + rc = hashtab_map(policydbp->p_types.table, + type_val_to_name_helper, &v); + if (rc) + return v.name; + return NULL; } @@ -1815,14 +1853,15 @@ static int perm_name(hashtab_key_t key, hashtab_datum_t datum, void *data) { - unsigned int val; + struct val_to_name *v = data; perm_datum_t *perdatum; - val = (unsigned int) data; perdatum = (perm_datum_t *) datum; - if (val == perdatum->value) - return (int) key; + if (v->val == perdatum->value) { + v->name = key; + return 1; + } return 0; } 
@@ -1830,23 +1869,26 @@ char *av_to_string(__u32 tclass, access_vector_t av) { + struct val_to_name v; static char avbuf[1024]; class_datum_t *cladatum; - char *perm, *p; - int i; + char *perm = NULL, *p; + int i, rc; cladatum = policydbp->class_val_to_struct[tclass-1]; p = avbuf; for (i = 0; i < cladatum->permissions.nprim; i++) { if (av & (1 << i)) { - perm = (char *) hashtab_map( - cladatum->permissions.table, - perm_name, (void*)(i+1)); - if (!perm && cladatum->comdatum) { - perm = (char *) hashtab_map( + v.val = i+1; + rc = hashtab_map(cladatum->permissions.table, + perm_name, &v); + if (!rc && cladatum->comdatum) { + rc = hashtab_map( cladatum->comdatum->permissions.table, - perm_name, (void*)(i+1)); + perm_name, &v); } + if (rc) + perm = v.name; if (perm) { sprintf(p, " %s", perm); p += strlen(p); @@ -1860,11 +1902,12 @@ static int te_avtab_helper(int which, int stype, int ttype, ebitmap_t *tclasses, access_vector_t *avp) + { avtab_key_t avkey; avtab_datum_t avdatum, *avdatump; int ret, k; - + if (which == -AVTAB_ALLOWED) { yyerror("neverallow should not reach this function."); return -1; @@ -2062,16 +2105,18 @@ return -1; } + static int role_val_to_name_helper(hashtab_key_t key, hashtab_datum_t datum, void *p) { - unsigned int value; + struct val_to_name *v = p; role_datum_t *roldatum; - value = (unsigned int) p; roldatum = (role_datum_t *) datum; - if (value == roldatum->value) - return (int) key; + if (v->val == roldatum->value) { + v->name = key; + return 1; + } return 0; } @@ -2079,8 +2124,15 @@ static char *role_val_to_name(unsigned int val) { - return (char*) hashtab_map(policydbp->p_roles.table, - role_val_to_name_helper, (void *)val); + struct val_to_name v; + int rc; + + v.val = val; + rc = hashtab_map(policydbp->p_roles.table, + role_val_to_name_helper, &v); + if (rc) + return v.name; + return NULL; } static int define_role_types(void) 
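Review bot: `perm` is now initialised once at its declaration and only overwritten when `rc` is non-zero, so a set bit whose lookup fails in both tables after an earlier hit still holds the previous iteration's name, and `if (perm)` prints that name again. The removed code reassigned `perm` from the lookup on every iteration, so a miss produced NULL. Replace `if (rc) perm = v.name;` with `perm = rc ? v.name : NULL;`. Separately, the unchanged `sprintf(p, " %s", perm)` appends to the 1024-byte static `avbuf` with no length check; `snprintf` with the remaining space would bound it. av_to_string continues past the end of this hunk.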
@@ -2146,11 +2198,11 @@ } memset(new, 0, sizeof(role_datum_t)); new->value = 0; /* temporary role */ - if (!ebitmap_or(&new->dominates, &r1->dominates, &r2->dominates)) { + if (ebitmap_or(&new->dominates, &r1->dominates, &r2->dominates)) { yyerror("out of memory"); return NULL; } - if (!ebitmap_or(&new->types, &r1->types, &r2->types)) { + if (ebitmap_or(&new->types, &r1->types, &r2->types)) { yyerror("out of memory"); return NULL; } @@ -2418,7 +2470,8 @@ class_datum_t *cladatum; perm_datum_t *perdatum; ebitmap_t classmap; - int i; + constraint_expr_t *e; + int i, depth; if (pass == 1) { while ((id = queue_remove(id_queue))) @@ -2428,6 +2481,41 @@ return 0; } + depth = -1; + for (e = expr; e; e = e->next) { + switch (e->expr_type) { + case CEXPR_NOT: + if (depth < 0) { + yyerror("illegal constraint expression"); + return -1; + } + break; + case CEXPR_AND: + case CEXPR_OR: + if (depth < 1) { + yyerror("illegal constraint expression"); + return -1; + } + depth--; + break; + case CEXPR_ATTR: + case CEXPR_NAMES: + if (depth == (CEXPR_MAXDEPTH-1)) { + yyerror("constraint expression is too deep"); + return -1; + } + depth++; + break; + default: + yyerror("illegal constraint expression"); + return -1; + } + } + if (depth != 0) { + yyerror("illegal constraint expression"); + return -1; + } + ebitmap_init(&classmap); while ((id = queue_remove(id_queue))) { cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table, 
@@ -2437,25 +2525,21 @@ ebitmap_destroy(&classmap); yyerror(errormsg); free(id); - constraint_expr_destroy(expr); return -1; } - if (!ebitmap_set_bit(&classmap, cladatum->value - 1, TRUE)) { + if (ebitmap_set_bit(&classmap, cladatum->value - 1, TRUE)) { yyerror("out of memory"); ebitmap_destroy(&classmap); free(id); - constraint_expr_destroy(expr); return -1; } node = malloc(sizeof(struct constraint_node)); if (!node) { yyerror("out of memory"); - constraint_expr_destroy(expr); return -1; } memset(node, 0, sizeof(constraint_node_t)); node->expr = expr; - expr->count++; node->permissions = 0; node->next = cladatum->constraints; @@ -2464,8 +2548,6 @@ free(id); } - expr->count--; - while ((id = queue_remove(id_queue))) { for (i = ebitmap_startbit(&classmap); i < ebitmap_length(&classmap); i++) { if (ebitmap_get_bit(&classmap, i)) { @@ -2500,9 +2582,9 @@ static constraint_expr_t * - define_cexpr(__u32 expr_type, __u32 arg1, __u32 arg2) + define_cexpr(__u32 expr_type, void* arg1, void* arg2) { - struct constraint_expr *expr; + struct constraint_expr *expr, *e1 = NULL, *e2; user_datum_t *user; role_datum_t *role; char *id; 
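Review bot: With `expr->count++` removed, every `constraint_node` created in this loop stores the same `expr` pointer in `node->expr` and nothing records how many owners it has. If the policy database teardown (not visible here) frees `node->expr` per node, a constraint that names two classes would be freed twice. Either give each node after the first its own copy of the expression list, or add a comment at `node->expr = expr;` stating that the list is shared and must be released exactly once. The error returns in this hunk also no longer release `expr` now that the `constraint_expr_destroy(expr)` calls are gone, and the `malloc` failure branch returns without `ebitmap_destroy(&classmap)` or `free(id)`. The function starts and ends outside this hunk.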
@@ -2523,50 +2605,90 @@ } memset(expr, 0, sizeof(constraint_expr_t)); expr->expr_type = expr_type; - expr->count = 1; switch (expr_type) { case CEXPR_NOT: + e1 = NULL; + e2 = (struct constraint_expr *) arg1; + while (e2) { + e1 = e2; + e2 = e2->next; + } + if (!e1 || e1->next) { + yyerror("illegal constraint expression"); + free(expr); + return NULL; + } + e1->next = expr; + return (struct constraint_expr *) arg1; case CEXPR_AND: case CEXPR_OR: - expr->left = (struct constraint_expr *) arg1; - expr->right = (struct constraint_expr *) arg2; - break; + e1 = NULL; + e2 = (struct constraint_expr *) arg1; + while (e2) { + e1 = e2; + e2 = e2->next; + } + if (!e1 || e1->next) { + yyerror("illegal constraint expression"); + free(expr); + return NULL; + } + e1->next = (struct constraint_expr *) arg2; + + e1 = NULL; + e2 = (struct constraint_expr *) arg2; + while (e2) { + e1 = e2; + e2 = e2->next; + } + if (!e1 || e1->next) { + yyerror("illegal constraint expression"); + free(expr); + return NULL; + } + e1->next = expr; + return (struct constraint_expr *) arg1; case CEXPR_ATTR: - expr->attr = arg1; - expr->op = arg2; - break; + expr->attr = (__u32)arg1; + expr->op = (__u32)arg2; + return expr; case CEXPR_NAMES: - expr->attr = arg1; - expr->op = arg2; + expr->attr = (__u32)arg1; + expr->op = (__u32)arg2; while ((id = (char *) queue_remove(id_queue))) { - if (arg1 & CEXPR_USER) { + if (expr->attr & CEXPR_USER) { user = (user_datum_t *) hashtab_search(policydbp->p_users.table, (hashtab_key_t) id); if (!user) { sprintf(errormsg, "unknown user %s", id); yyerror(errormsg); + free(expr); return NULL; } val = user->value; - } else if (arg1 & CEXPR_ROLE) { + } else if (expr->attr & CEXPR_ROLE) { role = (role_datum_t *) hashtab_search(policydbp->p_roles.table, (hashtab_key_t) id); if (!role) { sprintf(errormsg, "unknown role %s", id); yyerror(errormsg); + free(expr); return NULL; } val = role->value; - } else if (arg1 & CEXPR_TYPE) { - if (set_types(&expr->names, id)) + } else if 
(expr->attr & CEXPR_TYPE) { + if (set_types(&expr->names, id)) { + free(expr); return NULL; + } continue; } else { yyerror("invalid constraint expression"); + free(expr); return NULL; } - if (!ebitmap_set_bit(&expr->names, val - 1, TRUE)) { + if (ebitmap_set_bit(&expr->names, val - 1, TRUE)) { yyerror("out of memory"); ebitmap_destroy(&expr->names); free(expr); @@ -2574,13 +2696,16 @@ } free(id); } - break; + return expr; default: yyerror("invalid constraint expression"); + free(expr); return NULL; } - return expr; + yyerror("invalid constraint expression"); + free(expr); + return NULL; } @@ -2751,7 +2876,7 @@ free(id); continue; } - if (!ebitmap_set_bit(&rnode->range.level[l].cat, catdatum->value - 1, TRUE)) { + if (ebitmap_set_bit(&rnode->range.level[l].cat, catdatum->value - 1, TRUE)) { yyerror("out of memory"); free(id); free(levid); @@ -2778,7 +2903,7 @@ if (l == 0) { rnode->range.level[1].sens = rnode->range.level[0].sens; - if (!ebitmap_cpy(&rnode->range.level[1].cat, &rnode->range.level[0].cat)) { + if (ebitmap_cpy(&rnode->range.level[1].cat, &rnode->range.level[0].cat)) { yyerror("out of memory"); free(id); ebitmap_destroy(&rnode->range.level[0].cat); @@ -2934,7 +3059,7 @@ free(id); goto bad; } - if (!ebitmap_set_bit(&c->range.level[l].cat, + if (ebitmap_set_bit(&c->range.level[l].cat, catdatum->value - 1, TRUE)) { yyerror("out of memory"); free(levid); @@ -2956,7 +3081,7 @@ if (l == 0) { c->range.level[1].sens = c->range.level[0].sens; - if (!ebitmap_cpy(&c->range.level[1].cat, &c->range.level[0].cat)) { + if (ebitmap_cpy(&c->range.level[1].cat, &c->range.level[0].cat)) { yyerror("out of memory"); goto bad; @@ -3218,8 +3343,7 @@ if (pass == 1) { free(queue_remove(id_queue)); - if (behavior != SECURITY_FS_USE_PSID) - parse_security_context(NULL); + parse_security_context(NULL); return 0; } 
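Review bot: The `free(expr)` calls added to the CEXPR_NAMES error branches release the node but not what hangs off it. The `id` just taken from the queue stays allocated, and any bits already set in `expr->names` by earlier iterations are dropped without `ebitmap_destroy(&expr->names)`, which only the out-of-memory branch calls. Use one sequence on every failure path in that loop: `free(id); ebitmap_destroy(&expr->names); free(expr);`. In the CEXPR_NOT and CEXPR_AND/CEXPR_OR branches `e1->next` is always NULL once the walk finishes, so `|| e1->next` can never fire and the test reduces to `!e1`; on that failure the operand lists passed in `arg1`/`arg2` are also left unfreed. define_cexpr's opening lines are in the preceding hunk.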
@@ -3236,13 +3360,12 @@ return -1; } newc->v.behavior = behavior; - if (behavior != SECURITY_FS_USE_PSID) { - if (parse_security_context(&newc->context[0])) { - free(newc->u.name); - free(newc); - return -1; - } + if (parse_security_context(&newc->context[0])) { + free(newc->u.name); + free(newc); + return -1; } + head = policydbp->ocontexts[OCON_FSUSE]; for (c = head; c; c = c->next) { ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/checkpolicy/policy_scan.l#2 (text+ko) ==== @@ -1,10 +1,6 @@ /* - * Author : Stephen Smalley (NAI Labs), <ssmalley@nai.com> - * - * The policy compiler was originally written while I was employed by NSA, - * but I have implemented a number of extensions and revisions since - * joining NAI Labs. + * Author : Stephen Smalley, <sds@epoch.ncsc.mil> */ /* FLASK */ @@ -12,7 +8,6 @@ %{ #include "policy_parse.h" - static char linebuf[2][255]; static unsigned int lno = 0; @@ -111,8 +106,8 @@ NETIFCON { return(NETIFCON);} nodecon | NODECON { return(NODECON);} -fs_use_psid | -FS_USE_PSID {return(FSUSEPSID);} +fs_use_xattr | +FS_USE_XATTR {return(FSUSEXATTR);} fs_use_task | FS_USE_TASK {return(FSUSETASK);} fs_use_trans | @@ -131,8 +126,9 @@ T1 { return(T1); } t2 | T2 { return(T2); } -"/"({letter}|{digit}|_|"."|"/")* { return(PATH); } +"/"({letter}|{digit}|_|"."|"-"|"/")* { return(PATH); } {letter}({letter}|{digit}|_)* { return(IDENTIFIER); } +{letter}({letter}|{digit}|_|"."|"-")* { return(USER_IDENTIFIER); } {digit}{digit}* { return(NUMBER); } #[^\n]* { /* delete comments */ } [ \t\f]+ { /* delete whitespace */ } ==== //depot/projects/trustedbsd/sebsd/sbin/sebsd_checkpolicy/Makefile#2 (text+ko) ==== 
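Review bot: The new `USER_IDENTIFIER` rule changes how existing input is tokenised, not only user names. The scanner takes the longest match, so any letter-led run containing `.` or `-` (for example `a-b` or `a.b` written without spaces) now comes back as one USER_IDENTIFIER instead of identifier, punctuation, identifier. Grammar rules that rely on `-` or `.` as a separator between identifiers (the MLS range and category rules are the likely candidates, though they are outside this hunk) would then need surrounding whitespace or would stop parsing. At minimum the rule deserves a comment such as `/* longest match: "a-b" and "a.b" are a single USER_IDENTIFIER; '-' and '.' separators need whitespace */`. If that is not acceptable for existing policies, restrict the rule to the contexts where a user name is expected.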
@@ -5,15 +5,16 @@ PROG= sebsd_checkpolicy MAN= SRCS= policy_scan.l policy_parse.y checkpolicy.c avtab.c ebitmap.c \ - hashtab.c queue.c policydb.c services.c sidtab.c symtab.c + hashtab.c queue.c policydb.c services.c sidtab.c symtab.c write.c CFLAGS+=-I${.CURDIR}/../../contrib/sebsd/checkpolicy CFLAGS+=-I${.CURDIR}/../../sys/security/sebsd/avc CFLAGS+=-I${.CURDIR}/../../sys/security/sebsd/ss CFLAGS+=-I${.CURDIR}/../../sys/security/sebsd CFLAGS+=-I${.CURDIR}/../../sys CFLAGS+=-I${.OBJDIR} +CFLAGS+=-g -LDADD+= -lfl +LDADD+= -g -lfl WARNS= 0 ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#4 (text+ko) ==== @@ -1,16 +1,16 @@ /* - * Author: Stephen Smalley, NAI Labs, <ssmalley@nai.com> + * Implementation of the kernel access vector cache (AVC). + * + * Authors: Stephen Smalley, <sds@epoch.ncsc.mil> + * James Morris <jmorris@redhat.com> * - * The access vector cache was originally written while I was employed by NSA, - * and has undergone some revisions since I joined NAI Labs, but is largely - * unchanged. + * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> * - * Ported to FreeBSD: Chris Vance, NAI Labs, <cvance@nai.com> + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation. */ >>> TRUNCATED FOR MAIL (1000 lines) <<<
