From owner-p4-projects@FreeBSD.ORG Thu Sep 7 13:46:06 2006
Return-Path:
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 1B07E16A4EE; Thu, 7 Sep 2006 13:46:06 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D1C8916A4DD for ; Thu, 7 Sep 2006 13:46:05 +0000 (UTC) (envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 10A5A43D8D for ; Thu, 7 Sep 2006 13:45:30 +0000 (GMT) (envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k87DjTqV016642 for ; Thu, 7 Sep 2006 13:45:29 GMT (envelope-from millert@freebsd.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k87DjTW9016639 for perforce@freebsd.org; Thu, 7 Sep 2006 13:45:29 GMT (envelope-from millert@freebsd.org)
Date: Thu, 7 Sep 2006 13:45:29 GMT
Message-Id: <200609071345.k87DjTW9016639@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f
From: Todd Miller
To: Perforce Change Reviews
Cc:
Subject: PERFORCE change 105786 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 07 Sep 2006 13:46:06 -0000

http://perforce.freebsd.org/chv.cgi?CH=105786

Change 105786 by millert@millert_g5tower on 2006/09/07 13:44:32

Update to libsepol_1_12_26 from sourceforge svn

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/avtab.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/context.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/expand.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/mls_types.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/policydb.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/avrule_block.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/expand.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/link.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/mls.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/policydb.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/users.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/write.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/Makefile#2 edit
..
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/debug.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/debug.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/helpers.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/helpers.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/libsepol-tests.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/refpolicy-base.conf#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/support/misc_macros.spt#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-cond/refpolicy-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/base-metreq.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/base-notmetreq.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-attr-global.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-attr-opt.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-bool-global.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-bool-opt.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-obj-global.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-obj-opt.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-perm-global.conf#1 add
..
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-perm-opt.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-role-global.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-role-opt.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-type-global.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/modreq-type-opt.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/module.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-deps/small-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/alias-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/alias-module.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/base-base-only.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/module.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/role-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/role-module.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/small-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/user-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-expander/user-module.conf#1 add
..
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-hooks/cmp_policy.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-hooks/module_add_role_allow_trans.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-hooks/module_add_symbols.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-hooks/small-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-linker/module1.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-linker/module2.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/policies/test-linker/small-base.conf#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-common.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-common.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-cond.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-deps.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-deps.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander-attr-map.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander-attr-map.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander-roles.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander-roles.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander-users.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander-users.h#1 add
..
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-expander.h#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker-cond-map.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker-cond-map.h#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker-roles.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker-roles.h#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker-types.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker-types.h#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/tests/test-linker.h#1 add Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/ChangeLog#3 (text+ko) ==== @@ -1,3 +1,14 @@ +1.12.26 2006-09-05 + * Merged range transition enhancements and user format changes + Darrel Goeddel + +1.12.25 2006-08-24 + * Merged conditionally expand neverallows patch from Jeremy Mowery. + * Merged refactor expander patch from Jeremy Mowery. + +1.12.24 2006-08-03 + * Merged libsepol unit tests from Joshua Brindle. + 1.12.23 2006-08-03 * Merged symtab datum patch from Karl MacMillan. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/VERSION#3 (text+ko) ==== @@ -1,1 +1,1 @@ -1.12.23 +1.12.26 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/avtab.h#3 (text+ko) ==== 
@@ -45,6 +45,7 @@ #define AVTAB_ALLOWED 1 #define AVTAB_AUDITALLOW 2 #define AVTAB_AUDITDENY 4 +#define AVTAB_NEVERALLOW 128 #define AVTAB_AV (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY) #define AVTAB_TRANSITION 16 #define AVTAB_MEMBER 32 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/context.h#3 (text+ko) ==== @@ -36,8 +36,7 @@ static inline void mls_context_init(context_struct_t * c) { - mls_level_init(&c->range.level[0]); - mls_level_init(&c->range.level[1]); + mls_range_init(&c->range); } static inline int mls_context_cpy(context_struct_t * dst, @@ -62,8 +61,7 @@ if (c == NULL) return; - mls_level_destroy(&c->range.level[0]); - mls_level_destroy(&c->range.level[1]); + mls_range_destroy(&c->range); mls_context_init(c); } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/expand.h#3 (text+ko) ==== 
@@ -29,6 +29,24 @@ #include #include +/* + * Expand only the avrules for a module. It is valid for this function to + * expand base into itself (i.e. base == out); the typemap for this special + * case should map type[i] to i+1. This function optionally expands neverallow + * rules. If neverallow rules are expanded, there is no need to copy them and + * doing so could cause duplicate entries when base == out. If the neverallow + * rules are not expanded, they are just copied to the destination policy so + * that assertion checking can be performed after expand. No assertion or + * hierarchy checking is performed by this function. + */ +extern int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, + policydb_t * out, uint32_t * typemap, + int verbose, int expand_neverallow); +/* + * Expand all parts of a module. Neverallow rules are not expanded (only + * copied). It is not valid to expand base into itself. If check is non-zero, + * performs hierarchy and assertion checking. + */ extern int expand_module(sepol_handle_t * handle, policydb_t * base, policydb_t * out, int verbose, int check); @@ -40,6 +58,10 @@ extern int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p, unsigned char alwaysexpand); extern int role_set_expand(role_set_t * x, ebitmap_t * r, policydb_t * p); +extern int mls_semantic_level_expand(mls_semantic_level_t *sl, mls_level_t *l, + policydb_t *p, sepol_handle_t *h); +extern int mls_semantic_range_expand(mls_semantic_range_t *sr, mls_range_t *r, + policydb_t *p, sepol_handle_t *h); extern int expand_rule(sepol_handle_t * handle, policydb_t * source_pol, avrule_t * source_rule, avtab_t * dest_avtab, ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/mls_types.h#3 (text+ko) ==== @@ -32,6 +32,7 @@ #define _SEPOL_POLICYDB_MLS_TYPES_H_ #include +#include #include #include 
@@ -107,4 +108,46 @@ return -1; } +static inline void mls_range_init(struct mls_range *r) +{ + mls_level_init(&r->level[0]); + mls_level_init(&r->level[1]); +} + +static inline void mls_range_destroy(struct mls_range *r) +{ + mls_level_destroy(&r->level[0]); + mls_level_destroy(&r->level[1]); +} + +static inline int mls_range_eq(struct mls_range *r1, struct mls_range *r2) +{ + return (mls_level_eq(&r1->level[0], &r2->level[0]) && + mls_level_eq(&r1->level[1], &r2->level[1])); +} + +typedef struct mls_semantic_cat { + uint32_t low; /* first bit this struct represents */ + uint32_t high; /* last bit represented - equals low for a single cat */ + struct mls_semantic_cat *next; +} mls_semantic_cat_t; + +typedef struct mls_semantic_level { + uint32_t sens; + mls_semantic_cat_t *cat; +} mls_semantic_level_t; + +typedef struct mls_semantic_range { + mls_semantic_level_t level[2]; +} mls_semantic_range_t; + +extern void mls_semantic_cat_init(mls_semantic_cat_t *c); +extern void mls_semantic_cat_destroy(mls_semantic_cat_t *c); +extern void mls_semantic_level_init(mls_semantic_level_t *l); +extern void mls_semantic_level_destroy(mls_semantic_level_t *l); +extern int mls_semantic_level_cpy(mls_semantic_level_t *dst, mls_semantic_level_t *src); +extern void mls_semantic_range_init(mls_semantic_range_t *r); +extern void mls_semantic_range_destroy(mls_semantic_range_t *r); +extern int mls_semantic_range_cpy(mls_semantic_range_t *dst, mls_semantic_range_t *src); + #endif ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/policydb.h#3 (text+ko) ==== @@ -65,6 +65,10 @@ #define ERRMSG_LEN 1024 +#define POLICYDB_SUCCESS 0 +#define POLICYDB_ERROR -1 +#define POLICYDB_UNSUPPORTED -2 + /* * A datum type is defined for each kind of symbol * in the configuration data: individual permissions, 
@@ -145,9 +149,11 @@ typedef struct user_datum { symtab_datum_t s; role_set_t roles; /* set of authorized roles for user */ - mls_range_t range; /* MLS range (min. - max.) for user */ - mls_level_t dfltlevel; /* default login MLS level for user */ + mls_semantic_range_t range; /* MLS range (min. - max.) for user */ + mls_semantic_level_t dfltlevel; /* default login MLS level for user */ ebitmap_t cache; /* This is an expanded set used for context validation during parsing */ + mls_range_t exp_range; /* expanded range used for validation */ + mls_level_t exp_dfltlevel; /* expanded range used for validation */ } user_datum_t; /* Sensitivity attributes */ @@ -164,9 +170,10 @@ } cat_datum_t; typedef struct range_trans { - uint32_t dom; /* current process domain */ - uint32_t type; /* program executable type */ - mls_range_t range; /* new range */ + uint32_t source_type; + uint32_t target_type; + uint32_t target_class; + mls_range_t target_range; struct range_trans *next; } range_trans_t; @@ -194,12 +201,12 @@ #define AVRULE_AUDITALLOW 2 #define AVRULE_AUDITDENY 4 #define AVRULE_DONTAUDIT 8 -#define AVRULE_AV (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT) +#define AVRULE_NEVERALLOW 128 +#define AVRULE_AV (AVRULE_ALLOWED | AVRULE_AUDITALLOW | AVRULE_AUDITDENY | AVRULE_DONTAUDIT | AVRULE_NEVERALLOW) #define AVRULE_TRANSITION 16 #define AVRULE_MEMBER 32 #define AVRULE_CHANGE 64 #define AVRULE_TYPE (AVRULE_TRANSITION | AVRULE_MEMBER | AVRULE_CHANGE) -#define AVRULE_NEVERALLOW 128 uint32_t specified; #define RULE_SELF 1 uint32_t flags; @@ -224,6 +231,14 @@ struct role_allow_rule *next; } role_allow_rule_t; +typedef struct range_trans_rule { + type_set_t stypes; + type_set_t ttypes; + ebitmap_t tclasses; + mls_semantic_range_t trange; + struct range_trans_rule *next; +} range_trans_rule_t; + /* * The configuration data includes security contexts for * initial SIDs, unlabeled file systems, TCP and UDP port numbers, 
@@ -321,6 +336,7 @@ avrule_t *avrules; role_trans_rule_t *role_tr_rules; role_allow_rule_t *role_allow_rules; + range_trans_rule_t *range_tr_rules; scope_index_t required; /* symbols needed to activate this block */ scope_index_t declared; /* symbols declared within this block */ @@ -371,6 +387,9 @@ char *name; char *version; + /* Set when the policydb is modified such that writing is unsupported */ + int unsupported_format; + /* Whether this policydb is mls, should always be set */ int mls; @@ -506,6 +525,9 @@ extern void role_allow_rule_init(role_allow_rule_t * x); extern void role_allow_rule_destroy(role_allow_rule_t * x); extern void role_allow_rule_list_destroy(role_allow_rule_t * x); +extern void range_trans_rule_init(range_trans_rule_t *x); +extern void range_trans_rule_destroy(range_trans_rule_t *x); +extern void range_trans_rule_list_destroy(range_trans_rule_t *x); extern void type_datum_init(type_datum_t * x); extern void type_datum_destroy(type_datum_t * x); extern void user_datum_init(user_datum_t * x); @@ -555,18 +577,21 @@ #define POLICYDB_VERSION_VALIDATETRANS 19 #define POLICYDB_VERSION_MLS 19 #define POLICYDB_VERSION_AVTAB 20 +#define POLICYDB_VERSION_RANGETRANS 21 /* Range of policy versions we understand*/ #define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE -#define POLICYDB_VERSION_MAX POLICYDB_VERSION_AVTAB +#define POLICYDB_VERSION_MAX POLICYDB_VERSION_RANGETRANS /* Module versions and specific changes*/ #define MOD_POLICYDB_VERSION_BASE 4 #define MOD_POLICYDB_VERSION_VALIDATETRANS 5 #define MOD_POLICYDB_VERSION_MLS 5 +#define MOD_POLICYDB_VERSION_RANGETRANS 6 +#define MOD_POLICYDB_VERSION_MLS_USERS 6 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE -#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_MLS +#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_MLS_USERS #define POLICYDB_CONFIG_MLS 1 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/avrule_block.c#3 (text+ko) ==== 
@@ -99,6 +99,7 @@ avrule_list_destroy(x->avrules); role_trans_rule_list_destroy(x->role_tr_rules); role_allow_rule_list_destroy(x->role_allow_rules); + range_trans_rule_list_destroy(x->range_tr_rules); scope_index_destroy(&x->required); scope_index_destroy(&x->declared); symtabs_destroy(x->symtab); ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/expand.c#3 (text+ko) ==== @@ -41,8 +41,14 @@ policydb_t *base; policydb_t *out; sepol_handle_t *handle; + int expand_neverallow; } expand_state_t; +static void expand_state_init(expand_state_t * state) +{ + memset(state, 0, sizeof(expand_state_t)); +} + static int type_copy_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) { 
@@ -574,12 +580,64 @@ return 0; } -static int mls_level_clone(mls_level_t * dst, mls_level_t * src) +int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l, + policydb_t * p, sepol_handle_t * h) +{ + mls_semantic_cat_t *cat; + level_datum_t *levdatum; + unsigned int i; + + mls_level_init(l); + + if (!p->mls) + return 0; + + l->sens = sl->sens; + levdatum = (level_datum_t *) hashtab_search(p->p_levels.table, + p->p_sens_val_to_name[l-> + sens - + 1]); + for (cat = sl->cat; cat; cat = cat->next) { + if (cat->low > cat->high) { + ERR(h, "Category range is not valid %s.%s", + p->p_cat_val_to_name[cat->low - 1], + p->p_cat_val_to_name[cat->high - 1]); + return -1; + } + for (i = cat->low - 1; i < cat->high; i++) { + if (!ebitmap_get_bit(&levdatum->level->cat, i)) { + ERR(h, "Category %s can not be associate with " + "level %s", + p->p_cat_val_to_name[i], + p->p_sens_val_to_name[l->sens - 1]); + } + if (ebitmap_set_bit(&l->cat, i, 1)) { + ERR(h, "Out of memory!"); + return -1; + } + } + } + + return 0; +} + +int mls_semantic_range_expand(mls_semantic_range_t * sr, mls_range_t * r, + policydb_t * p, sepol_handle_t * h) { - dst->sens = src->sens; - if (ebitmap_cpy(&dst->cat, &src->cat)) { + if (mls_semantic_level_expand(&sr->level[0], &r->level[0], p, h) < 0) + return -1; + + if (mls_semantic_level_expand(&sr->level[1], &r->level[1], p, h) < 0) { + mls_semantic_level_destroy(&sr->level[0]); + return -1; + } + + if (!mls_level_dom(&r->level[1], &r->level[0])) { + mls_range_destroy(r); + ERR(h, "MLS range high level does not dominate low level"); return -1; } + return 0; } 
@@ -634,16 +692,46 @@ return -1; } - /* clone MLS stuff */ - if (mls_level_clone - (&new_user->range.level[0], &user->range.level[0]) == -1 - || mls_level_clone(&new_user->range.level[1], - &user->range.level[1]) == -1 - || mls_level_clone(&new_user->dfltlevel, - &user->dfltlevel) == -1) { - ERR(state->handle, "Out of memory!"); + /* expand the semantic MLS info */ + if (mls_semantic_range_expand(&user->range, + &new_user->exp_range, + state->out, state->handle)) { + return -1; + } + if (mls_semantic_level_expand(&user->dfltlevel, + &new_user->exp_dfltlevel, + state->out, state->handle)) { + return -1; + } + if (!mls_level_between(&new_user->exp_dfltlevel, + &new_user->exp_range.level[0], + &new_user->exp_range.level[1])) { + ERR(state->handle, "default level not within user " + "range"); + return -1; + } + } else { + /* require that the MLS info match */ + mls_range_t tmp_range; + mls_level_t tmp_level; + + if (mls_semantic_range_expand(&user->range, &tmp_range, + state->out, state->handle)) { + return -1; + } + if (mls_semantic_level_expand(&user->dfltlevel, &tmp_level, + state->out, state->handle)) { + mls_range_destroy(&tmp_range); + return -1; + } + if (!mls_range_eq(&new_user->exp_range, &tmp_range) || + !mls_level_eq(&new_user->exp_dfltlevel, &tmp_level)) { + mls_range_destroy(&tmp_range); + mls_level_destroy(&tmp_level); return -1; } + mls_range_destroy(&tmp_range); + mls_level_destroy(&tmp_level); } ebitmap_init(&tmp_union); @@ -733,7 +821,7 @@ } if (state->verbose) - INFO(state->handle, "copying senitivity level %s", id); + INFO(state->handle, "copying sensitivity level %s", id); if ((new_level = (level_datum_t *) calloc(1, sizeof(*new_level))) == NULL @@ -743,7 +831,7 @@ goto out_of_mem; } - if (mls_level_clone(new_level->level, level->level)) { + if (mls_level_cpy(new_level->level, level->level)) { goto out_of_mem; } new_level->isalias = level->isalias; 
@@ -958,6 +1046,131 @@ return 0; } +static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass, + mls_semantic_range_t * trange, + expand_state_t * state) +{ + range_trans_t *rt, *check_rt = state->out->range_tr; + mls_range_t exp_range; + int rc = -1; + + if (mls_semantic_range_expand(trange, &exp_range, state->out, + state->handle)) + goto out; + + /* check for duplicates/conflicts */ + while (check_rt) { + if ((check_rt->source_type == stype) && + (check_rt->target_type == ttype) && + (check_rt->target_class == tclass)) { + if (mls_range_eq(&check_rt->target_range, &exp_range)) { + /* duplicate */ + break; + } else { + /* conflict */ + ERR(state->handle, + "Conflicting range trans rule %s %s : %s", + state->out->p_type_val_to_name[stype - 1], + state->out->p_type_val_to_name[ttype - 1], + state->out->p_class_val_to_name[tclass - + 1]); + goto out; + } + } + check_rt = check_rt->next; + } + if (check_rt) { + /* this is a dup - skip */ + rc = 0; + goto out; + } + + rt = (range_trans_t *) calloc(1, sizeof(range_trans_t)); + if (!rt) { + ERR(state->handle, "Out of memory!"); + goto out; + } + + rt->next = state->out->range_tr; + state->out->range_tr = rt; + + rt->source_type = stype; + rt->target_type = ttype; + rt->target_class = tclass; + if (mls_range_cpy(&rt->target_range, &exp_range)) { + ERR(state->handle, "Out of memory!"); + goto out; + } + + rc = 0; + + out: + mls_range_destroy(&exp_range); + return rc; +} + +static int expand_range_trans(expand_state_t * state, + range_trans_rule_t * rules) +{ + unsigned int i, j, k; + range_trans_rule_t *rule; + + ebitmap_t stypes, ttypes; + ebitmap_node_t *snode, *tnode, *cnode; + + if (state->verbose) + INFO(state->handle, "expanding range transitions"); + + for (rule = rules; rule; rule = rule->next) { + ebitmap_init(&stypes); + ebitmap_init(&ttypes); + + /* expand the type sets */ + if (expand_convert_type_set(state->out, state->typemap, + &rule->stypes, &stypes, 1)) { + ERR(state->handle, "Out of 
memory!"); + return -1; + } + if (expand_convert_type_set(state->out, state->typemap, + &rule->ttypes, &ttypes, 1)) { + ebitmap_destroy(&stypes); + ERR(state->handle, "Out of memory!"); + return -1; + } + + /* loop on source type */ + ebitmap_for_each_bit(&stypes, snode, i) { + if (!ebitmap_node_get_bit(snode, i)) + continue; + /* loop on target type */ + ebitmap_for_each_bit(&ttypes, tnode, j) { + if (!ebitmap_node_get_bit(tnode, j)) + continue; + /* loop on target class */ + ebitmap_for_each_bit(&rule->tclasses, cnode, k) { + if (!ebitmap_node_get_bit(cnode, k)) + continue; + + if (exp_rangetr_helper(i + 1, + j + 1, + k + 1, + &rule->trange, + state)) { + ebitmap_destroy(&stypes); + ebitmap_destroy(&ttypes); + return -1; + } + } + } + } + + ebitmap_destroy(&stypes); + ebitmap_destroy(&ttypes); + } + + return 0; +} + /* Search for an AV tab node within a hash table with the given key. * If the node does not exist, create it and return it; otherwise * return the pre-existing one. @@ -1007,6 +1220,10 @@ return node; } +#define EXPAND_RULE_SUCCESS 1 +#define EXPAND_RULE_CONFLICT 0 +#define EXPAND_RULE_ERROR -1 + static int expand_terule_helper(sepol_handle_t * handle, policydb_t * p, uint32_t * typemap, uint32_t specified, cond_av_list_t ** cond, @@ -1069,7 +1286,7 @@ * or in same conditional then ignore it */ if ((conflict == 1 && cond == NULL) || node->parse_context == cond) - return 1; + return EXPAND_RULE_SUCCESS; ERR(handle, "duplicate TE rule for %s %s:%s %s", p->p_type_val_to_name[avkey.source_type - 1], @@ -1078,7 +1295,7 @@ p->p_class_val_to_name[avkey.target_class - 1], p->p_type_val_to_name[oldtype - 1]); - return 0; + return EXPAND_RULE_CONFLICT; } ERR(handle, "conflicting TE rule for (%s, %s:%s): old was %s, new is %s", 
@@ -1087,7 +1304,7 @@ p->p_class_val_to_name[avkey.target_class - 1], p->p_type_val_to_name[oldtype - 1], p->p_type_val_to_name[remapped_data - 1]); - return 0; + return EXPAND_RULE_CONFLICT; } node = find_avtab_node(handle, avtab, &avkey, cond); @@ -1113,7 +1330,7 @@ cur = cur->next; } - return 1; + return EXPAND_RULE_SUCCESS; } static int expand_avrule_helper(sepol_handle_t * handle, @@ -1137,6 +1354,8 @@ spec = AVTAB_AUDITDENY; } else if (specified & AVRULE_DONTAUDIT) { spec = AVTAB_AUDITDENY; + } else if (specified & AVRULE_NEVERALLOW) { + spec = AVTAB_NEVERALLOW; } else { assert(0); /* unreachable */ } @@ -1150,7 +1369,7 @@ node = find_avtab_node(handle, avtab, &avkey, cond); if (!node) - return -1; + return EXPAND_RULE_ERROR; if (enabled) { node->key.specified |= AVTAB_ENABLED; } else { @@ -1162,6 +1381,8 @@ avdatump->data |= cur->data; } else if (specified & AVRULE_AUDITALLOW) { avdatump->data |= cur->data; + } else if (specified & AVRULE_NEVERALLOW) { + avdatump->data |= cur->data; } else if (specified & AVRULE_AUDITDENY) { /* Since a '0' in an auditdeny mask represents * a permission we do NOT want to audit @@ -1182,7 +1403,7 @@ cur = cur->next; } - return 1; + return EXPAND_RULE_SUCCESS; } static int expand_rule_helper(sepol_handle_t * handle, @@ -1207,7 +1428,8 @@ specified, cond, i, i, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } else { @@ -1219,7 +1441,8 @@ other, i, i, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } @@ -1234,7 +1457,8 @@ specified, cond, i, j, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } else { 
@@ -1246,32 +1470,36 @@ other, i, j, source_rule->perms, dest_avtab, - enabled)) != 1) { + enabled)) != + EXPAND_RULE_SUCCESS) { return retval; } } } } - return 1; + return EXPAND_RULE_SUCCESS; } -/* Expand a rule into a given avtab - checking for conflicting type - * rules in the destination policy. Return 1 on success, 0 if the - * rule conflicts with something (and hence was not added), or -1 on - * error. */ +/* + * Expand a rule into a given avtab - checking for conflicting type + * rules in the destination policy. Return EXPAND_RULE_SUCCESS on + * success, EXPAND_RULE_CONFLICT if the rule conflicts with something + * (and hence was not added), or EXPAND_RULE_ERROR on error. + */ static int convert_and_expand_rule(sepol_handle_t * handle, policydb_t * dest_pol, uint32_t * typemap, avrule_t * source_rule, avtab_t * dest_avtab, cond_av_list_t ** cond, - cond_av_list_t ** other, int enabled) + cond_av_list_t ** other, int enabled, + int do_neverallow) { int retval; ebitmap_t stypes, ttypes; unsigned char alwaysexpand; - if (source_rule->specified & AVRULE_NEVERALLOW) - return 1; + if (!do_neverallow && source_rule->specified & AVRULE_NEVERALLOW) + return EXPAND_RULE_SUCCESS; ebitmap_init(&stypes); ebitmap_init(&ttypes); @@ -1282,10 +1510,10 @@ if (expand_convert_type_set (dest_pol, typemap, &source_rule->stypes, &stypes, alwaysexpand)) - return -1; + return EXPAND_RULE_ERROR; if (expand_convert_type_set (dest_pol, typemap, &source_rule->ttypes, &ttypes, alwaysexpand)) - return -1; + return EXPAND_RULE_ERROR; retval = expand_rule_helper(handle, dest_pol, typemap, source_rule, dest_avtab, @@ -1306,7 +1534,8 @@ while (cur) { if (convert_and_expand_rule(state->handle, dest_pol, typemap, cur, dest_avtab, - list, other, enabled) != 1) { + list, other, enabled, + 0) != EXPAND_RULE_SUCCESS) { return -1; } 
@@ -1486,49 +1715,6 @@ return 0; } -static int range_trans_clone(expand_state_t * state) -{ - range_trans_t *range = state->base->range_tr, *last_new_range = NULL, - *new_range = NULL; - state->out->range_tr = NULL; - - if (state->verbose) - INFO(state->handle, "copying range transitions"); - - while (range != NULL) { - if ((new_range = malloc(sizeof(*new_range))) == NULL) { - goto out_of_mem; - } - memset(new_range, 0, sizeof(*new_range)); - new_range->dom = state->typemap[range->dom - 1]; - new_range->type = state->typemap[range->type - 1]; - if (mls_level_clone - (&new_range->range.level[0], &range->range.level[0]) == -1 - || mls_level_clone(&new_range->range.level[1], - &range->range.level[1])) { - goto out_of_mem; - } - new_range->next = NULL; - if (last_new_range == NULL) { - state->out->range_tr = last_new_range = new_range; - } else { - last_new_range->next = new_range; - last_new_range = new_range; - } - range = range->next; - } - return 0; - - out_of_mem: - ERR(state->handle, "Out of memory!"); - if (new_range) { - ebitmap_destroy(&new_range->range.level[0].cat); - ebitmap_destroy(&new_range->range.level[1].cat); - free(new_range); - } - return -1; -} - static int type_attr_map(hashtab_key_t key __attribute__ ((unused)), hashtab_datum_t datum, void *ptr) 
@@ -1884,6 +2070,97 @@ return -1; } +/* + * Expands the avrule blocks for a policy. RBAC rules are copied. Neverallow + * rules are copied or expanded as per the settings in the state object; all + * other AV rules are expanded. If neverallow rules are expanded, they are not + * copied, otherwise they are copied for later use by the assertion checker. + */ +static int copy_and_expand_avrule_block(expand_state_t * state) +{ + avrule_block_t *curblock; + int retval = -1; + + for (curblock = state->base->global; curblock != NULL; + curblock = curblock->next) { + avrule_decl_t *decl = curblock->enabled; + avrule_t *cur_avrule; + + if (decl == NULL) { + /* nothing was enabled within this block */ + continue; + } + + /* copy role allows and role trans */ + if (copy_role_allows(state, decl->role_allow_rules) != 0 || + copy_role_trans(state, decl->role_tr_rules) != 0) { + goto cleanup; + } + + /* expand the range transition rules */ + if (expand_range_trans(state, decl->range_tr_rules)) + goto cleanup; + + /* copy rules */ + cur_avrule = decl->avrules; + while (cur_avrule != NULL) { + if (!(state->expand_neverallow) + && cur_avrule->specified & AVRULE_NEVERALLOW) { + /* copy this over directly so that assertions are checked later */ + if (copy_neverallow + (state->out, state->typemap, cur_avrule)) + ERR(state->handle, + "Error while copying neverallow."); + } else { + if (cur_avrule->specified & AVRULE_NEVERALLOW) { + state->out->unsupported_format = 1; + } + if (convert_and_expand_rule + (state->handle, state->out, state->typemap, + cur_avrule, &state->out->te_avtab, NULL, + NULL, 0, + state->expand_neverallow) != + EXPAND_RULE_SUCCESS) { + goto cleanup; + } + } + cur_avrule = cur_avrule->next; + } + + /* copy conditional rules */ + if (cond_node_copy(state, decl->cond_list)) + goto cleanup; + } + + retval = 0; + + cleanup: + return retval; +} + +/* + * This function allows external users of the library (such as setools) to + * expand only the avrules and optionally 
perform expansion of neverallow rules + * or expand into the same policy for analysis purposes. + */ +int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, + policydb_t * out, uint32_t * typemap, int verbose, + int expand_neverallow) +{ + expand_state_t state; + + expand_state_init(&state); + + state.base = base; + state.out = out; + state.typemap = typemap; + state.handle = handle; + state.verbose = verbose; + state.expand_neverallow = expand_neverallow; + + return copy_and_expand_avrule_block(&state); +} + /* Linking should always be done before calling expand, even if * there is only a base since all optionals are dealt with at link time * the base passed in should be indexed and avrule blocks should be @@ -1897,6 +2174,8 @@ expand_state_t state; avrule_block_t *curblock; + expand_state_init(&state); >>> TRUNCATED FOR MAIL (1000 lines) <<<
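Review bot: in the avtab.h hunk, AVTAB_NEVERALLOW 128 is added but AVTAB_AV stays (AVTAB_ALLOWED | AVTAB_AUDITALLOW | AVTAB_AUDITDENY), whereas the policydb.h hunk does fold AVRULE_NEVERALLOW into AVRULE_AV. An expanded neverallow node (spec = AVTAB_NEVERALLOW in expand_avrule_helper) therefore matches neither AVTAB_AV nor AVTAB_TYPE, so any caller that classifies avtab entries by those two masks will skip it. Either add AVTAB_NEVERALLOW to AVTAB_AV and audit the users of that mask, or add a comment explaining why the avtab and avrule masks are meant to differ.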
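Review bot: the field comments on mls_semantic_cat in the mls_types.h hunk ("first bit this struct represents", "last bit represented") contradict how mls_semantic_level_expand uses the fields: it indexes p_cat_val_to_name[cat->low - 1] and loops for (i = cat->low - 1; i < cat->high; i++), so low and high are 1-based category values, not bit positions. Reword the comments to say so, otherwise every new caller has to rediscover the off-by-one. Minor: mls_range_eq only reads through r1 and r2, so they could be const.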
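Review bot: in the policydb.h user_datum hunk the comment on exp_dfltlevel ("expanded range used for validation") is copied from exp_range and should say expanded default level. The same file carries two changes that external consumers will feel and that the ChangeLog entry does not mention: range_trans drops dom/type/range in favour of source_type/target_type/target_class/target_range, and AVRULE_NEVERALLOW now sits inside AVRULE_AV, so code that filters on (specified & AVRULE_AV) will begin to see neverallow rules it previously excluded.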
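Review bot: in the mls_semantic_level_expand hunk, levdatum from hashtab_search is dereferenced as levdatum->level->cat with no NULL check, so a sensitivity with no level datum crashes the expander instead of failing cleanly. More seriously, the "Category %s can not be associate with level %s" branch only logs: execution falls through to ebitmap_set_bit and the function returns 0, so a category that is not permitted at that sensitivity is silently accepted into the expanded level and the check enforces nothing. Add return -1 after that ERR, and while there fix the message to "cannot be associated with". The p_sens_val_to_name[l-> sens - 1] expression is also split over three lines and should be reflowed.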
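Review bot: in mls_semantic_range_expand, the cleanup when the second level fails calls mls_semantic_level_destroy(&sr->level[0]), which tears down the caller's semantic input rather than the mls_level_t just expanded into r->level[0]; it should be mls_level_destroy(&r->level[0]). Also, mls_semantic_level_expand only initialises the level it is asked to expand, so when level[0] fails r->level[1] is never initialised, yet exp_rangetr_helper unconditionally runs mls_range_destroy(&exp_range) at out:. Have mls_semantic_range_expand call mls_range_init(r) first and leave r destroyable on every return; the dominance-failure path already destroys r itself, so exp_rangetr_helper then destroys it a second time.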
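Review bot: in the user_copy_callback hunk, the else branch ("require that the MLS info match") returns -1 when the expanded ranges or default levels differ but emits no ERR, unlike every other failure path in the function; a user declared with conflicting MLS attributes in two modules will make expansion fail with no diagnostic. Add an ERR naming the user before returning. In the first branch, if the dfltlevel expansion fails, new_user->exp_range is left populated; destroying it there, as the else branch does for tmp_range, would make the ownership on error explicit.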
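Review bot: in exp_rangetr_helper the new node is linked into the list (rt->next = state->out->range_tr; state->out->range_tr = rt;) before mls_range_cpy fills target_range, so if the copy fails the function returns -1 with a node carrying an empty range left at the head of state->out->range_tr. Fill the node completely and only then link it, which also lets the failure path free rt.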
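Review bot: in copy_and_expand_avrule_block, a failing copy_neverallow only logs "Error while copying neverallow." and the loop continues, so the function returns 0 and the expanded policy silently lacks the neverallow the later assertion checker was meant to enforce; this should goto cleanup like the convert_and_expand_rule failure just below it. Setting unsupported_format = 1 when neverallows are expanded is the right guard given there is no on-disk encoding for AVTAB_NEVERALLOW; a one-line comment saying that is why would help the next reader.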
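Review bot: removing range_trans_clone means state->base->range_tr is no longer carried into out; range transitions now come only from decl->range_tr_rules via expand_range_trans. For the base == out case that expand_module_avrules explicitly permits, confirm that an already-expanded range_tr list in base is meant to be dropped, and state that in the expand.h comment, which currently describes only the typemap and neverallow behaviour.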