diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2019-02-25 10:49:02 -0500 |
|---|---|---|
| committer | Petr Lautrbach <plautrba@redhat.com> | 2019-03-01 12:51:31 +0100 |
| commit | c19395d72295f5e69275d98df5db22dfdf214b6c (patch) | |
| tree | ea2410795ff7827e9b20f1005876d03b0226a01f /libselinux/src/compute_av.c | |
| parent | 478c745d82d7c8bb4b15209408335a97891dc4ae (diff) | |
| download | android_external_selinux-c19395d72295f5e69275d98df5db22dfdf214b6c.tar.gz android_external_selinux-c19395d72295f5e69275d98df5db22dfdf214b6c.tar.bz2 android_external_selinux-c19395d72295f5e69275d98df5db22dfdf214b6c.zip | |
libselinux: selinux_set_mapping: fix handling of unknown classes/perms
The libselinux selinux_set_mapping() implementation was never updated
to handle unknown classes/permissions based on the policy handle_unknown
flag. Update it and the internal mapping functions to gracefully
handle unknown classes/permissions. Add a security_reject_unknown()
interface to expose the corresponding selinuxfs node and use it when
creating a mapping to decide whether to fail immediately or proceed.
This enables dbus-daemon and XSELinux, which use selinux_set_mapping(),
to continue working with the dummy policy or other policies that lack
their userspace class/permission definitions as long as the policy
was built with -U allow.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'libselinux/src/compute_av.c')
| -rw-r--r-- | libselinux/src/compute_av.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c index 1d05e7b6..a47cffe9 100644 --- a/libselinux/src/compute_av.c +++ b/libselinux/src/compute_av.c @@ -20,6 +20,7 @@ int security_compute_av_flags_raw(const char * scon, char *buf; size_t len; int fd, ret; + security_class_t kclass; if (!selinux_mnt) { errno = ENOENT; @@ -38,8 +39,9 @@ int security_compute_av_flags_raw(const char * scon, goto out; } + kclass = unmap_class(tclass); snprintf(buf, len, "%s %s %hu %x", scon, tcon, - unmap_class(tclass), unmap_perm(tclass, requested)); + kclass, unmap_perm(tclass, requested)); ret = write(fd, buf, strlen(buf)); if (ret < 0) @@ -60,8 +62,14 @@ int security_compute_av_flags_raw(const char * scon, } else if (ret < 6) avd->flags = 0; - /* If tclass invalid, kernel sets avd according to deny_unknown flag */ - if (tclass != 0) + /* + * If the tclass could not be mapped to a kernel class at all, the + * kernel will have already set avd according to the + * handle_unknown flag and we do not need to do anything further. + * Otherwise, we must map the permissions within the returned + * avd to the userspace permission values. + */ + if (kclass != 0) map_decision(tclass, avd); ret = 0; |