selinux January 2010 archive
Main Archive Page > Month Archives  > selinux archives
selinux: [PATCH 2/2] libsepol: remove dead code in check_avtab_h

[PATCH 2/2] libsepol: remove dead code in check_avtab_hierarchy_callback()

From: KaiGai Kohei <kaigai_at_nospam>
Date: Wed Jan 20 2010 - 04:26:20 GMT
To: method@manicmethod.com


This patch removes dead code in check_avtab_hierarchy_callback().

Due to the historical reason, the type boundary feature is delivered from hierarchical types in libsepol, it has supported boundary features both of subject type (domain; in most cases) and target type.

However, we don't have any actual use cases in bounded target types, and it tended to make conceptual confusion. So, this patch removes the dead code to apply boundary checks on the target types in libsepol (when expand-check=1). I makes clear the TYPEBOUNDS restricts privileges of a certain domain bounded to any other domain.

 Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> -- libsepol/src/hierarchy.c | 71 ++++++++++++--------------------------------- 1 files changed, 19 insertions(+), 52 deletions(-) diff --git a/libsepol/src/hierarchy.c b/libsepol/src/hierarchy.c index e2df5a4..87a9d9c 100644 --- a/libsepol/src/hierarchy.c +++ b/libsepol/src/hierarchy.c @@ -159,7 +159,7 @@ static int check_avtab_hierarchy_callback(avtab_key_t * k, avtab_datum_t * d, { avtab_key_t key; hierarchy_args_t *a = (hierarchy_args_t *) args; - type_datum_t *s, *t1 = NULL, *t2 = NULL;
+ type_datum_t *s, *t;
avtab_datum_t av; if (!(k->specified & AVTAB_ALLOWED)) { @@ -169,62 +169,29 @@ static int check_avtab_hierarchy_callback(avtab_key_t * k, avtab_datum_t * d, /* search for parent first */ s = a->p->type_val_to_struct[k->source_type - 1]; - if (find_parent_type(a, s, &t1) < 0)
+ if (find_parent_type(a, s, &t) < 0)
return -1; - if (t1) { - /* - * search for access allowed between type 1's - * parent and type 2. - */ - key.source_type = t1->s.value; - key.target_type = k->target_type; - key.target_class = k->target_class; - key.specified = AVTAB_ALLOWED; - compute_avtab_datum(a, &key, &av); - - if ((av.data & d->data) == d->data) - return 0; - } - - /* next we try type 1 and type 2's parent */ - s = a->p->type_val_to_struct[k->target_type - 1]; - if (find_parent_type(a, s, &t2) < 0) - return -1; - if (t2) { - /* - * search for access allowed between type 1 and - * type 2's parent. - */ - key.source_type = k->source_type; - key.target_type = t2->s.value; - key.target_class = k->target_class; - key.specified = AVTAB_ALLOWED; - compute_avtab_datum(a, &key, &av); - - if ((av.data & d->data) == d->data) - return 0; - } - if (t1 && t2) { - /* - * search for access allowed between type 1's parent - * and type 2's parent. - */ - key.source_type = t1->s.value; - key.target_type = t2->s.value; - key.target_class = k->target_class; - key.specified = AVTAB_ALLOWED; - compute_avtab_datum(a, &key, &av); - - if ((av.data & d->data) == d->data) - return 0; - }
+ /*
+ * If the given subject security context does not have any
+ * parent domain, we don't need to apply sanity checks on
+ * the type boundary constraint.
+ */
+ if (!t)
+ return 0;
/* - * Neither one of these types have parents and - * therefore the hierarchical constraint does not apply
+ * Search for access allowed between the parent domain and
+ * the type. All the permissions with the child domain have
+ * to be allowed to the parent domain also.
*/ - if (!t1 && !t2)
+ key.source_type = t->s.value;
+ key.target_type = k->target_type;
+ key.target_class = k->target_class;
+ key.specified = AVTAB_ALLOWED;
+ compute_avtab_datum(a, &key, &av);
+
+ if ((av.data & d->data) == d->data)
return 0; /* -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.