
Re: [PATCH] libselinux: raw string_to_class/string_to_av_perm variants

From: Eamon Walsh <ewalsh_at_nospam>
Date: Thu Oct 08 2009 - 17:19:54 GMT
To: Stephen Smalley <sds@tycho.nsa.gov>


On 10/08/2009 08:30 AM, Stephen Smalley wrote:
> On Wed, 2009-10-07 at 15:50 -0400, Eamon Walsh wrote:
>> This patch adds support for remapping classes and permissions on policy
>> reload. This is accomplished by separating the code that computes the
>> "real" kernel class and permission values into a helper function,
>> mapping_compute(). This function is called both from
>> selinux_set_mapping() when the user specifies a new mapping, and from
>> the netlink code when a policyload notification is received. The
>> function now builds up a temporary mapping and swaps it in rather than
>> working on the active mapping in place.
>>
>> Issue: There is a race condition in which old class and permission
>> values may arrive from userspace after a kernel policyload has taken
>> place. Fixing this would require a string interface to the kernel, or
>> some kind of transaction support.
>>
> Also, in addition to these changes, you'll want to grab the
> security_deny_unknown() value at startup and upon policy reloads and use
> it inside of map_decision() for unknown permissions and inside of
> security_compute_av_flags_raw() for unknown classes just as in the
> kernel for map_decision() and security_compute_av(). And possibly
> mapping_compute() should log unknown classes/permissions and their
> disposition (allow or deny) in the same manner as the kernel's
> selinux_set_mapping().

Yup, those are the next patches coming, after I manage to free up some
time to work on them.

-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency
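The mechanism the patch description and the reply sketch (compute a complete new class/permission mapping, swap it in on policy reload, and let the deny_unknown value decide what happens to classes and permissions the kernel does not know) is illustrated below in a small C example added here. It is not libselinux code: policy_v1, policy_v2, user_spec and the kv_* helpers are constructed, hypothetical stand-ins for the kernel interface, and mapping_compute(), mapping_swap() and map_decision() are toy versions that only share names with the functions discussed in the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { KMAX = 8, UMAX = 8 };  /* toy limits on classes and permissions per class */

/* Constructed stand-in for the kernel's view of one object class:
 * perms[i] owns kernel bit (1u << i); a NULL entry ends the list. */
struct kclass { const char *name; uint16_t value; const char *perms[KMAX]; };

/* Constructed stand-in for what libselinux would learn from the kernel;
 * deny_unknown plays the role of the security_deny_unknown() value. */
struct kernel_view { const struct kclass *classes; int nclasses; int deny_unknown; };

/* Two hypothetical policies. In the second ("after reload") the class number
 * and the permission bit order of "file" have changed. */
static const struct kclass v1_classes[] = { { "file", 6, { "read", "write", NULL } } };
static const struct kclass v2_classes[] = { { "file", 7, { "write", "read", "execute", NULL } } };
const struct kernel_view policy_v1 = { v1_classes, 1, 1 };
const struct kernel_view policy_v2 = { v2_classes, 1, 1 };

/* User-side declaration of the classes/permissions a program uses (constructed);
 * user bit i of a class is (1u << i). */
struct user_class_spec { const char *name; const char *perms[UMAX]; };
const struct user_class_spec user_spec[] = {
    { "file", { "read", "write", "execute", NULL } },
    { "dbus", { "send_msg", NULL } },   /* class absent from both policies */
};

/* A mapping from user class/bit to kernel class/bit; 0 means "unknown". */
struct av_mapping {
    int nclasses, nperms[UMAX];
    uint16_t kclass[UMAX];
    uint32_t kperm[UMAX][UMAX];
};

static const struct kclass *kv_find(const struct kernel_view *kv, const char *name) {
    for (int i = 0; i < kv->nclasses; i++)
        if (strcmp(kv->classes[i].name, name) == 0) return &kv->classes[i];
    return NULL;
}
static uint32_t kv_perm(const struct kclass *kc, const char *perm) {
    for (int j = 0; j < KMAX && kc->perms[j]; j++)
        if (strcmp(kc->perms[j], perm) == 0) return 1u << j;
    return 0;
}

/* Build a complete new mapping against one kernel view without touching the
 * active one. Unknown classes/permissions map to 0 and are logged with their fate. */
struct av_mapping *mapping_compute(const struct user_class_spec *spec, int n,
                                   const struct kernel_view *kv) {
    const char *fate = kv->deny_unknown ? "denied" : "allowed";
    struct av_mapping *m = calloc(1, sizeof *m);
    if (!m || n > UMAX) { free(m); return NULL; }
    m->nclasses = n;
    for (int c = 0; c < n; c++) {
        const struct kclass *kc = kv_find(kv, spec[c].name);
        while (m->nperms[c] < UMAX && spec[c].perms[m->nperms[c]]) m->nperms[c]++;
        if (!kc) { fprintf(stderr, "unknown class %s: %s\n", spec[c].name, fate); continue; }
        m->kclass[c] = kc->value;
        for (int p = 0; p < m->nperms[c]; p++) {
            m->kperm[c][p] = kv_perm(kc, spec[c].perms[p]);
            if (!m->kperm[c][p])
                fprintf(stderr, "unknown permission %s:%s: %s\n",
                        spec[c].name, spec[c].perms[p], fate);
        }
    }
    return m;
}

/* Install a fully built mapping with one pointer store, so no caller sees a
 * half-rewritten table (single-threaded toy; a real library needs a lock or RCU). */
void mapping_swap(struct av_mapping **active, struct av_mapping *fresh) {
    struct av_mapping *old = *active;
    *active = fresh;
    free(old);
}

/* Translate a raw kernel access vector for user class uclass into user bits.
 * Unknown classes and unknown permissions both follow deny_unknown (1 = fail
 * closed); the kernel splits the two cases across two functions, the rule is one. */
uint32_t map_decision(const struct av_mapping *m, int uclass,
                      uint32_t kallowed, int deny_unknown) {
    uint32_t allowed = 0;
    if (m->kclass[uclass] == 0)   /* no kernel decision exists for this class */
        return deny_unknown ? 0 : (1u << m->nperms[uclass]) - 1;
    for (int p = 0; p < m->nperms[uclass]; p++) {
        uint32_t kbit = m->kperm[uclass][p];
        if (kbit ? (kallowed & kbit) != 0 : !deny_unknown) allowed |= 1u << p;
    }
    return allowed;
}

int main(void) {
    struct av_mapping *active = mapping_compute(user_spec, 2, &policy_v1);
    printf("v1 file: 0x%x\n", map_decision(active, 0, 2, 1));  /* kernel bit 1 = write */
    mapping_swap(&active, mapping_compute(user_spec, 2, &policy_v2));
    printf("v2 file: 0x%x\n", map_decision(active, 0, 2, 1));  /* kernel bit 1 = read now */
    printf("dbus:    0x%x\n", map_decision(active, 1, 0, 1));  /* unknown class, fail closed */
    free(active);
    return 0;
}
```

The same raw kernel vector (bit 1) means "write" before the reload and "read" after it, which is why a stale mapping must be replaced rather than patched, and why the window between a kernel policy load and the rebuild is the race the patch description mentions. The deny_unknown argument is passed explicitly so both dispositions can be exercised; with it set, a permission or class the loaded policy does not define is denied rather than silently allowed.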