Re: [PATCH] selinux-testsuite: Add SCTP test support

2018-05-30 Thread Paul Moore
On Tue, Mar 20, 2018 at 1:48 PM, Richard Haines via Selinux
 wrote:
> The sctp testsuite tests all new sctp SELinux functionality.
>
> Signed-off-by: Richard Haines 

Now that the new SELinux userspace is out, I applied this to my test
tree and noticed two problems at the start (both easily fixed):

* We need to list the lksctp-tools-devel package as a dependency in README.md
* Minor merge conflict in policy/Makefile

... actually running the test went rather well, but there was one test
failure: test #11, the "asconf parameter chunk processing".  Looking a
bit closer at the failure, it appears that the address detection code
at the top of tests/sctp/test needs to be a bit more robust as
'hostname -I' returns multiple addresses, but they are a mix of IPv4
and IPv6 - all on one interface.

I would suggest taking a look at parsing the output of 'ip -o addr
show up scope global' and using that instead of 'hostname -I'.

-- 
paul moore
www.paul-moore.com
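Paul's suggestion above, worked out as an added example rather than code from selinux-testsuite: a small C parser over constructed `ip -o addr show up scope global` output that selects addresses by family, so a test can pick an IPv4 and an IPv6 address separately even when both sit on the same interface (the case that tripped the `hostname -I` parsing). The sample output, `nth_addr_of_family` and `count_addrs_of_family` are this example's own, not the testsuite's.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of `ip -o addr show up scope global` output (one address
 * per line; the backslash and valid_lft fields are how `ip -o` folds the
 * second line of normal output). eth0 carries both IPv4 and IPv6. */
static const char *SAMPLE_IP_OUTPUT =
    "2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic eth0\\       valid_lft 86399sec preferred_lft 86399sec\n"
    "2: eth0    inet6 2001:db8::10/64 scope global dynamic mngtmpaddr \\       valid_lft 2591996sec preferred_lft 604796sec\n"
    "3: eth1    inet 198.51.100.7/24 brd 198.51.100.255 scope global eth1\\       valid_lft forever preferred_lft forever\n";

/*
 * Walk `text` line by line, keep lines whose third field is `family` ("inet"
 * or "inet6"), and copy the nth (0-based) matching address, without its
 * prefix length, into out. Returns 1 on success, 0 if there is no such address.
 */
int nth_addr_of_family(const char *text, const char *family, unsigned nth,
                       char *out, size_t outsz)
{
    const char *line = text;
    unsigned seen = 0;

    while (*line) {
        char ifname[32], fam[8], addr[64];

        /* Each line starts "<index>: <ifname> <family> <addr>/<prefixlen> ...". */
        if (sscanf(line, "%*d: %31s %7s %63s", ifname, fam, addr) == 3 &&
            strcmp(fam, family) == 0) {
            if (seen++ == nth) {
                char *slash = strchr(addr, '/');
                if (slash)
                    *slash = '\0';
                snprintf(out, outsz, "%s", addr);
                return 1;
            }
        }
        line = strchr(line, '\n');
        if (!line)
            break;
        line++;
    }
    return 0;
}

/* Number of global addresses of the given family in the text. */
int count_addrs_of_family(const char *text, const char *family)
{
    char tmp[64];
    int n = 0;

    while (nth_addr_of_family(text, family, (unsigned)n, tmp, sizeof(tmp)))
        n++;
    return n;
}

int main(void)
{
    char v4[64], v6[64];

    if (nth_addr_of_family(SAMPLE_IP_OUTPUT, "inet", 0, v4, sizeof(v4)))
        printf("first global IPv4: %s\n", v4);
    if (nth_addr_of_family(SAMPLE_IP_OUTPUT, "inet6", 0, v6, sizeof(v6)))
        printf("first global IPv6: %s\n", v6);
    return 0;
}
```

In a real test the text passed in would be the captured output of `ip -o addr show up scope global`; the per-family selection is what `hostname -I` cannot give, since it flattens all families into one space-separated list.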

___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.


Re: [PATCH 2/3] libselinux: Fix line wrapping in selabel_file.5

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 11:46 PM, Laurent Bigonville  wrote:
> From: Laurent Bigonville 
>
> Fix line wrapping when limited to 80 columns
>
> Fix lintian error:
> W: selinux-utils: manpage-has-errors-from-man 
> usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust 
> line
>
> Signed-off-by: Laurent Bigonville 
> ---
>  libselinux/man/man5/selabel_file.5 | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/man/man5/selabel_file.5 
> b/libselinux/man/man5/selabel_file.5
> index e7388242..e97bd826 100644
> --- a/libselinux/man/man5/selabel_file.5
> +++ b/libselinux/man/man5/selabel_file.5
> @@ -92,7 +92,7 @@ The optional local and distribution substitution files that 
> perform any path ali
>  .RE
>  .sp
>  The default file context series of files are:
> -.RS
> +.RS 6
>  .I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts
>  .br
>  .I  /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.local
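Review bot: the commit message says the aim is to fit 80 columns but not why `.RS 6` in particular was chosen over the default; a sentence saying it was sized so the longest path in this list (the `file_contexts.subs_dist` line Nicolas mentions below) fits in 80 columns would help the next person editing the page. Minor and pre-existing: the context line `.I  /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.local` has two spaces after `.I` where the line above has one; since this block is being touched anyway, it could be normalized at the same time.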
> --
> 2.17.0

All the manpage patches look good to me (and I give them an ack).

For information, I didn't know what the default indent value of ".RS"
[1] is and it seems to be 8. I tested running "man ./selabel_file.5"
in an 80-char-wide terminal and the line
"/etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.subs_dist" is
no longer cut after this patch.

Thanks,
Nicolas

[1] For those who are unfamiliar with manpage code, this instruction
increases the indent by moving the left margin to the right.




Re: [PATCH V3 0/5] selinux:Significant reduce of preempt_disable holds

2018-05-30 Thread Stephen Smalley
On 05/30/2018 10:10 AM, Peter Enderborg wrote:
> Holding the preempt_disable is very bad for low latency tasks
> such as audio and therefore we need to break out the rule-set dependent
> part from this disable. By using RCU instead of a rwlock we
> have efficient locking and less preemption interference.
> 
> Selinux uses a lot of read_locks. This patch replaces the rwlock
> with RCU that does not hold preempt_disable.
> 
> Intel Xeon W3520 2.67 GHz running FC27 with 4.15.0-rc9git (+measurement)
> I get preempt_disable of about 1.2ms in security_compute_av().
> With the patch I get 960us as the longest security_compute_av()
> without preempt disabled. There is a lot of noise in the measurement
> but it is not likely a degradation.
> 
> And the preempt_disable times are also very dependent on the selinux
> rule-set.
> 
> In security_get_user_sids() we have two nested for-loops and the
> inner part calls sidtab_context_to_sid() that calls
> sidtab_search_context() that has a for loop() over a while() where
> the loops are dependent on the rules.
> 
> On the test system the average lookup time is 60us and does
> not change with the introduced RCU usage.
> 
> The boolean change becomes a lot heavier with this patch,
> but it is a very rare usage compared with read only operations.
> The lock held during a policydb_copy is about 1ms on a Xeon.

This has a very substantial performance impact on setsebool, e.g. time 
setsebool httpd_can_sendmail=1.
That's because you are doing a full 
vmalloc();policydb_write();policydb_read();vfree() sequence on it.
In comparison, KaiGai's old attempt to replace the policy rwlock with RCU only 
duplicated the conditional policydb state (via a cond_policydb_dup) that he 
introduced.  Is there a reason you couldn't use that approach?

> 
> To use RCU the structure of policydb has to be accessed through a pointer.
> We need 5 patches to get there.
>  
> [PATCH V3 1/5 selinux-next] selinux: Make allocation atomic in policydb objects functions.
> This patch changes the allocation for policydb objects. They are in their own patch
> to make the complicated part easier to read.
> 
> [PATCH V3 2/5 selinux-next] selinux: Introduce selinux_ruleset struct
> This makes the access for the rule evaluation go through a single pointer.
> 
> [PATCH V3 3/5 selinux-next] selinux: sidtab_clone switch to use rwlock.
> We need to make sidtab copies, so this patch changes the locks to a rwlock
> and creates a copy function.
> 
> [PATCH V3 4/5 selinux-next] selinux: seqno separation
> This patch adds separation of the read and write and uses
> the pointer to switch rule set. It uses seqno for error handling
> since there is a possibility of multiple accesses.
> 
> [PATCH V3 5/5 selinux-next] selinux: Switch to rcu read locks for avc_compute
> All the preparation is done so this patch does the change of locks to rcu.
> 
> History:
> V1 rwsem
> V2 did not handle all policydb objects, solved with the policydb_copy
>    did not handle sidtab for booleans, I think this one does however
>    shutdown is not used but not removed. 
> 
> 



Re: [PATCH] secilc: Make the clean target call the clean target of docs/

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 4:30 PM, Laurent Bigonville  wrote:
> From: Laurent Bigonville 
>
> Thanks to Russell Coker 
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899083
>
> Signed-off-by: Laurent Bigonville 
> ---
>  secilc/Makefile | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/secilc/Makefile b/secilc/Makefile
> index dfd79cef..16640098 100644
> --- a/secilc/Makefile
> +++ b/secilc/Makefile
> @@ -58,6 +58,7 @@ clean:
> rm -f file_contexts
> rm -f $(SECILC_MANPAGE)
> rm -f $(SECIL2CONF_MANPAGE)
> +   $(MAKE) -C docs clean
>
>  relabel:
>
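Review bot: the new recipe line changes the failure semantics of `clean`: the surrounding `rm -f` lines never fail, but `$(MAKE) -C docs clean` aborts `clean` if the sub-make fails (for instance in a checkout where `docs` is absent or its Makefile has no `clean` target). If `clean` is expected to always succeed, prefix the line with `-` so make ignores the sub-make's exit status; if a failing docs clean should really stop the build, this is fine as is and the commit message could say so.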
> --
> 2.17.0

This looks good to me. Ack.

Thanks!
Nicolas




Re: [PATCH] restorecond: Fix consistancy of DESTDIR usage

2018-05-30 Thread Nicolas Iooss
On Tue, May 29, 2018 at 9:29 AM, Laurent Bigonville  wrote:
> From: Laurent Bigonville 
>
> ---
>  restorecond/Makefile | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/restorecond/Makefile b/restorecond/Makefile
> index 25be18d4..fed65bba 100644
> --- a/restorecond/Makefile
> +++ b/restorecond/Makefile
> @@ -9,7 +9,7 @@ DBUSSERVICEDIR = $(PREFIX)/share/dbus-1/services
>  SYSTEMDDIR ?= $(PREFIX)/lib/systemd
>
>  autostart_DATA = sealertauto.desktop
> -INITDIR ?= $(DESTDIR)/etc/rc.d/init.d
> +INITDIR ?= /etc/rc.d/init.d
>  SELINUXDIR = $(DESTDIR)/etc/selinux

This looks good to me, but seeing the SELINUXDIR definition, I am
wondering whether this line should also be migrated to remove DESTDIR
from it. This could be done in another patch.

Nicolas

>
>  DBUSFLAGS = -DHAVE_DBUS $(shell $(PKG_CONFIG) --cflags dbus-glib-1)
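Review bot: the patch carries no commit message, and this hunk changes what an `INITDIR` override means: `INITDIR ?=` is only a default, so anyone who previously passed `INITDIR=$(DESTDIR)/...` on the command line now gets `$(DESTDIR)` prepended a second time in the install rule. The message should state that `INITDIR` is now the final installed path and `DESTDIR` is applied at install time, matching how `$(DESTDIR)$(SBINDIR)` and `$(DESTDIR)$(MANDIR)` are already used in the second hunk.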
> @@ -42,8 +42,8 @@ install: all
> -mkdir -p $(DESTDIR)$(SBINDIR)
> install -m 755 restorecond $(DESTDIR)$(SBINDIR)
> install -m 644 restorecond.8 $(DESTDIR)$(MANDIR)/man8
> -   -mkdir -p $(INITDIR)
> -   install -m 755 restorecond.init $(INITDIR)/restorecond
> +   -mkdir -p $(DESTDIR)$(INITDIR)
> +   install -m 755 restorecond.init $(DESTDIR)$(INITDIR)/restorecond
> -mkdir -p $(SELINUXDIR)
> install -m 644 restorecond.conf $(SELINUXDIR)/restorecond.conf
> install -m 644 restorecond_user.conf 
> $(SELINUXDIR)/restorecond_user.conf
> --
> 2.17.0




Re: [PATCH 0/7] Fix some issues spotted by static analyzers

2018-05-30 Thread Nicolas Iooss
On Mon, May 28, 2018 at 6:42 AM, Jason Zaman  wrote:
> On Sat, May 26, 2018 at 08:42:06PM +0200, Nicolas Iooss wrote:
>> Hi,
>> As you may have noticed, I have been using clang's static analyzer for
>> a few months and submitted fixes for bugs that it found. There are also
>> many minor issues in the code (memory leaks, dead assignments, etc.)
>> which introduce much noise and make it harder to find real issues. For
>> example if a reported "dead variable assignment" is about the return
>> value of a function which would need to be checked and the wrong
>> variable is used in the check, this would be detected by the analyzer
>> but would be in the noise of other minor issues.
>>
>> Therefore this patchset (and the ones that I would like to send in the
>> following weeks) is about reducing this noise.
>>
>> I am starting with libsepol/src/module_to_cil.c and while cleaning up
>> the commits I have written in order to use clang's static analyzer, I
>> stumbled upon some other local commits I forgot to send, which fix more
>> important bugs (like a missing call to va_end(), in the last patch).
>> This explains why there are other files which are modified.
>>
>> Here is the git shortlog:
>>
>> Nicolas Iooss (7):
>>   libsepol: cil: silence clang analyzer false positive
>>   libsepol: do not leak memory if list_prepend fails
>>   libsepol: remove some dead assignments
>>   libsepol: do not call malloc with 0 byte
>>   libsepol: remove unused variable
>>   checkpolicy: destroy the class datum if it fails to initialize
>>   libsepol: destroy the copied va_list
>>
>>  checkpolicy/module_compiler.c   |  1 +
>>  libsepol/cil/src/cil_tree.c |  2 +-
>>  libsepol/src/kernel_to_common.c |  3 +++
>>  libsepol/src/module_to_cil.c| 21 +
>>  4 files changed, 18 insertions(+), 9 deletions(-)
>
> These all look good to me. I didn't compile test since your CI has
> already done that many many times.
>
> For the whole series:
> Acked-by: Jason Zaman 

Thanks! I applied the commits.

Nicolas




Selinux policy creation giving error

2018-05-30 Thread shagun maheshwari
Hi,

We are getting some AVC denials on the system. So, I tried to load a policy
for those denials, but we are not able to create any policy.

We are getting the errors below:

libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
specialuser_u:system_r:ssh_t:s0 to sid
libsepol.context_from_record: invalid security context:
"specialuser_u:system_r:ssh_t:s0"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
specialuser_u:system_r:ssh_t:s0 to sid
libsepol.context_from_record: invalid security context:
"specialuser_u:system_r:ssh_t:s0"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
specialuser_u:system_r:ssh_t:s0 to sid

Also attached are the denials which I was getting on my system.

Please suggest something to remove these errors and denials.

Thank you!!

Regards,
Shagun


denials
Description: Binary data

[GIT PULL] SELinux fixes for v4.17 (#2)

2018-05-30 Thread Paul Moore
Hi Linus,

One more small fix for SELinux: a small string length fix found by
KASAN.  I dislike sending patches this late in the release cycle, but
this patch fixes a legitimate problem, is very small, limited in
scope, and well understood.  There are two threads with more
information on the problem, the latest is linked below:

* https://marc.info/?t=15272373741=1=2

If you're hesitant to pull this into v4.17 at such a late stage, it
probably isn't going to cause major problems as Stephen points out in
the thread linked above:

 "Such a setxattr() call can only be performed by a process
  with CAP_MAC_ADMIN that is also allowed mac_admin permission
  in SELinux policy. Consequently, this is never possible on
  Android (no process is allowed mac_admin permission, always
  enforcing) and is only possible in Fedora/RHEL for a few
  domains (if enforcing)."

Thanks,
-Paul

--
The following changes since commit 4152dc91b5932e7fe49a5afed62a068b2f31d196:

 selinux: correctly handle sa_family cases in selinux_sctp_bind_connect()
   (2018-05-14 15:20:59 -0400)

are available in the Git repository at:

 git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git
   tags/selinux-pr-20180530

for you to fetch changes up to efe3de79e0b52ca281ef6691480c8c68c82a4657:

 selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
   (2018-05-29 20:11:19 -0400)


selinux/stable-4.17 PR 20180530


Sachin Grover (1):
 selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

security/selinux/ss/services.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

-- 
paul moore
www.paul-moore.com



Re: [PATCH] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

2018-05-30 Thread Paul Moore
On Wed, May 30, 2018 at 11:23 AM, Stephen Smalley  wrote:
> On 05/30/2018 11:19 AM, Paul Moore wrote:
>> On Fri, May 25, 2018 at 4:31 AM, Sachin Grover  
>> wrote:
>>> Call trace:
>>>  [] dump_backtrace+0x0/0x428
>>>  [] show_stack+0x28/0x38
>>>  [] dump_stack+0xd4/0x124
>>>  [] print_address_description+0x68/0x258
>>>  [] kasan_report.part.2+0x228/0x2f0
>>>  [] kasan_report+0x5c/0x70
>>>  [] check_memory_region+0x12c/0x1c0
>>>  [] memcpy+0x34/0x68
>>>  [] xattr_getsecurity+0xe0/0x160
>>>  [] vfs_getxattr+0xc8/0x120
>>>  [] getxattr+0x100/0x2c8
>>>  [] SyS_fgetxattr+0x64/0xa0
>>>  [] el0_svc_naked+0x24/0x28
>>>
>>> If a user gets root access and calls security.selinux setxattr() with an
>>> embedded NUL on a file, and then some process performs a getxattr()
>>> on that file with a length greater than the actual length of the string,
>>> it would result in a panic.
>>>
>>> To fix this, add the actual length of the string to the security context
>>> instead of the length passed by the userspace process.
>>>
>>> Signed-off-by: Sachin Grover 
>>> ---
>>>  security/selinux/ss/services.c | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> Thanks for reporting this and providing a patch.  It's small enough,
>> and passes all the regular tests, so I've merged it into
>> selinux/stable-4.17 (adding the stable metadata) and I'm going to send
>> it up to Linus today.
>>
>> If Linus doesn't pull the fix in time for v4.17 I'll send it up during
>> the upcoming merge window.
>
> NB Such a setxattr() call can only be performed by a process with 
> CAP_MAC_ADMIN that is also allowed mac_admin permission in SELinux policy. 
> Consequently, this is never possible on Android (no process is allowed 
> mac_admin permission, always enforcing) and is only possible in Fedora/RHEL 
> for a few domains (if enforcing).

Yes the risk is small, and if it wasn't such a trivial and
self-contained patch I probably would have just deferred it for the
merge window, but considering everything I think there is value in
getting this in for v4.17.  If Linus decides not to merge this into
v4.17 I think that is okay too.

> Fixes: 9a59daa03df72526d234b91dd3e32ded5aebd3ef ("SELinux: fix sleeping 
> allocation in security_context_to_sid")
>
>>
>>> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
>>> index 66ea81c..d17f5b4 100644
>>> --- a/security/selinux/ss/services.c
>>> +++ b/security/selinux/ss/services.c
>>> @@ -1434,7 +1434,7 @@ static int security_context_to_sid_core(const char 
>>> *scontext, u32 scontext_len,
>>>   scontext_len, , def_sid);
>>> if (rc == -EINVAL && force) {
>>> context.str = str;
>>> -   context.len = scontext_len;
>>> +   context.len = strlen(str) + 1;
>>> str = NULL;
>>> } else if (rc)
>>> goto out_unlock;
>>> --
>>> 1.9.1

-- 
paul moore
www.paul-moore.com




Re: [PATCH] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

2018-05-30 Thread Stephen Smalley
On 05/30/2018 11:19 AM, Paul Moore wrote:
> On Fri, May 25, 2018 at 4:31 AM, Sachin Grover  wrote:
>> Call trace:
>>  [] dump_backtrace+0x0/0x428
>>  [] show_stack+0x28/0x38
>>  [] dump_stack+0xd4/0x124
>>  [] print_address_description+0x68/0x258
>>  [] kasan_report.part.2+0x228/0x2f0
>>  [] kasan_report+0x5c/0x70
>>  [] check_memory_region+0x12c/0x1c0
>>  [] memcpy+0x34/0x68
>>  [] xattr_getsecurity+0xe0/0x160
>>  [] vfs_getxattr+0xc8/0x120
>>  [] getxattr+0x100/0x2c8
>>  [] SyS_fgetxattr+0x64/0xa0
>>  [] el0_svc_naked+0x24/0x28
>>
>> If a user gets root access and calls security.selinux setxattr() with an
>> embedded NUL on a file, and then some process performs a getxattr()
>> on that file with a length greater than the actual length of the string,
>> it would result in a panic.
>>
>> To fix this, add the actual length of the string to the security context
>> instead of the length passed by the userspace process.
>>
>> Signed-off-by: Sachin Grover 
>> ---
>>  security/selinux/ss/services.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> Thanks for reporting this and providing a patch.  It's small enough,
> and passes all the regular tests, so I've merged it into
> selinux/stable-4.17 (adding the stable metadata) and I'm going to send
> it up to Linus today.
> 
> If Linus doesn't pull the fix in time for v4.17 I'll send it up during
> the upcoming merge window.

NB Such a setxattr() call can only be performed by a process with CAP_MAC_ADMIN 
that is also allowed mac_admin permission in SELinux policy. Consequently, this 
is never possible on Android (no process is allowed mac_admin permission, 
always enforcing) and is only possible in Fedora/RHEL for a few domains (if 
enforcing).

Fixes: 9a59daa03df72526d234b91dd3e32ded5aebd3ef ("SELinux: fix sleeping 
allocation in security_context_to_sid")

> 
>> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
>> index 66ea81c..d17f5b4 100644
>> --- a/security/selinux/ss/services.c
>> +++ b/security/selinux/ss/services.c
>> @@ -1434,7 +1434,7 @@ static int security_context_to_sid_core(const char 
>> *scontext, u32 scontext_len,
>>   scontext_len, , def_sid);
>> if (rc == -EINVAL && force) {
>> context.str = str;
>> -   context.len = scontext_len;
>> +   context.len = strlen(str) + 1;
>> str = NULL;
>> } else if (rc)
>> goto out_unlock;
>> --
>> 1.9.1
> 



Re: [PATCH] selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

2018-05-30 Thread Paul Moore
On Fri, May 25, 2018 at 4:31 AM, Sachin Grover  wrote:
> Call trace:
>  [] dump_backtrace+0x0/0x428
>  [] show_stack+0x28/0x38
>  [] dump_stack+0xd4/0x124
>  [] print_address_description+0x68/0x258
>  [] kasan_report.part.2+0x228/0x2f0
>  [] kasan_report+0x5c/0x70
>  [] check_memory_region+0x12c/0x1c0
>  [] memcpy+0x34/0x68
>  [] xattr_getsecurity+0xe0/0x160
>  [] vfs_getxattr+0xc8/0x120
>  [] getxattr+0x100/0x2c8
>  [] SyS_fgetxattr+0x64/0xa0
>  [] el0_svc_naked+0x24/0x28
>
> If a user gets root access and calls security.selinux setxattr() with an
> embedded NUL on a file, and then some process performs a getxattr()
> on that file with a length greater than the actual length of the string,
> it would result in a panic.
>
> To fix this, add the actual length of the string to the security context
> instead of the length passed by the userspace process.
>
> Signed-off-by: Sachin Grover 
> ---
>  security/selinux/ss/services.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Thanks for reporting this and providing a patch.  It's small enough,
and passes all the regular tests, so I've merged it into
selinux/stable-4.17 (adding the stable metadata) and I'm going to send
it up to Linus today.

If Linus doesn't pull the fix in time for v4.17 I'll send it up during
the upcoming merge window.

> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 66ea81c..d17f5b4 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -1434,7 +1434,7 @@ static int security_context_to_sid_core(const char 
> *scontext, u32 scontext_len,
>   scontext_len, , def_sid);
> if (rc == -EINVAL && force) {
> context.str = str;
> -   context.len = scontext_len;
> +   context.len = strlen(str) + 1;
> str = NULL;
> } else if (rc)
> goto out_unlock;
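Review bot: `context.len = strlen(str) + 1` makes the recorded length match the NUL-terminated copy held in `str`, which is the fix; note that `scontext_len` is now unused on this branch, so a caller-supplied length larger than `strlen(str) + 1` (the embedded-NUL case from the commit message) is silently truncated at the first NUL rather than rejected with -EINVAL. If a mismatch should be an error, compare `scontext_len` against `strlen(str) + 1` before taking the `force` path; if truncation is the intended behaviour, the commit message should say so. The `str = NULL` on the following line correctly hands ownership of the buffer to `context`, so the change introduces no leak.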
> --
> 1.9.1

-- 
paul moore
www.paul-moore.com
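To make the length mismatch described in the commit message concrete, here is an added user-space model, not kernel code: `sec_context`, `sec_context_set`, `sec_context_overrun` and `demo_overrun` are this example's own names. It constructs a 32-byte setxattr() value consisting of a 23-character context, an embedded NUL and padding, stores it both ways (the caller's length, as before the patch, and `strlen(str) + 1`, as the patch does), and reports how many bytes a later copy-out of `len` bytes would read past the allocation. The check is done arithmetically so the example never performs the out-of-bounds read itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the kernel's (str, len) context pair. */
struct sec_context {
    char *str;     /* NUL-terminated copy of the context string */
    size_t len;    /* length recorded for later copy-outs such as getxattr() */
    size_t alloc;  /* bytes actually allocated for str (for the check below) */
};

/* Length of s up to the first NUL, but never more than max bytes. */
static size_t bounded_strlen(const char *s, size_t max)
{
    size_t n = 0;

    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/*
 * Store a user-supplied context. user_len is the length the caller passed to
 * setxattr(); user_buf may contain an embedded NUL. With use_actual_len == 0
 * the recorded length is the caller's value (the pre-fix behaviour); with
 * use_actual_len == 1 it is strlen(str) + 1, which is what the patch does.
 */
int sec_context_set(struct sec_context *c, const char *user_buf,
                    size_t user_len, int use_actual_len)
{
    /* The copy is NUL-terminated, so bytes after an embedded NUL are dropped. */
    size_t copy_len = bounded_strlen(user_buf, user_len);

    c->str = malloc(copy_len + 1);
    if (!c->str)
        return -1;
    memcpy(c->str, user_buf, copy_len);
    c->str[copy_len] = '\0';
    c->alloc = copy_len + 1;
    c->len = use_actual_len ? strlen(c->str) + 1 : user_len;
    return 0;
}

/* Bytes that memcpy(dst, c->str, c->len) would read past the allocation.
 * A nonzero result is the slab-out-of-bounds read that KASAN reported. */
size_t sec_context_overrun(const struct sec_context *c)
{
    return c->len > c->alloc ? c->len - c->alloc : 0;
}

void sec_context_free(struct sec_context *c)
{
    free(c->str);
    c->str = NULL;
}

/* Constructed input: a context string, an embedded NUL at byte 23, then
 * padding, passed with the full 32-byte length as setxattr() would. */
size_t demo_overrun(int use_actual_len)
{
    struct sec_context c;
    char buf[32];
    size_t overrun;

    memset(buf, 'A', sizeof(buf));
    memcpy(buf, "user_u:role_r:type_t:s0", 24);  /* 23 chars + NUL at buf[23] */
    if (sec_context_set(&c, buf, sizeof(buf), use_actual_len) != 0)
        return (size_t)-1;
    overrun = sec_context_overrun(&c);
    sec_context_free(&c);
    return overrun;
}

int main(void)
{
    printf("caller's length recorded: %zu bytes read past the buffer\n", demo_overrun(0));
    printf("strlen(str)+1 recorded:   %zu bytes read past the buffer\n", demo_overrun(1));
    return 0;
}
```

With the caller's 32-byte length recorded against a 24-byte allocation the copy-out reads 8 bytes too far; recording `strlen(str) + 1` keeps the two in step, which is exactly the one-line change in the hunk.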



[PATCH] selinux-testsuite: fix the mode bits for the binder tests

2018-05-30 Thread Paul Moore
From: Paul Moore 

Signed-off-by: Paul Moore 
---
 tests/binder/test |0 
 1 file changed, 0 insertions(+), 0 deletions(-)
 mode change 100644 => 100755 tests/binder/test

diff --git a/tests/binder/test b/tests/binder/test
old mode 100644
new mode 100755




[PATCH] selinux-testsuite: fix some style problems in the binder tests

2018-05-30 Thread Paul Moore
From: Paul Moore 

Fixes done by 'tools/check-syntax -f'.

Signed-off-by: Paul Moore 
---
 tests/binder/test_binder.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/binder/test_binder.c b/tests/binder/test_binder.c
index 0d10a58..11fa358 100644
--- a/tests/binder/test_binder.c
+++ b/tests/binder/test_binder.c
@@ -632,7 +632,7 @@ int main(int argc, char **argv)
 
writebuf.txn.data.ptr.buffer = (uintptr_t)
writebuf.txn.data.ptr.offsets = (uintptr_t) +
-   sizeof(struct flat_binder_object);
+   sizeof(struct 
flat_binder_object);
 
bwr.write_buffer = (uintptr_t)
bwr.write_size = sizeof(writebuf);
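Review bot: the reflow splits `sizeof(struct flat_binder_object)` across two lines, which is what `tools/check-syntax -f` produced but makes the type name un-greppable and reads poorly; consider shortening the expression instead (for example computing the offsets pointer into a local variable first) so the whole `sizeof` fits on one line without the break.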




[PATCH V3 2/5 selinux-next] selinux: Introduce selinux_ruleset struct

2018-05-30 Thread Peter Enderborg
This is a preparation for moving locking to rcu type.
We move policydb, sidtab and map to this structure which
is dynamically allocated. To help out the handling a policydb_copy
is added. It is intended to be used in atomic context within
an rcu lock, so there are helper functions that do vmalloc
allocation that are intended to be on the outside of the lock.

hashtab_insert had a cond_resched call that is removed. When switched
to rcu lock the lock can be preempted.

Signed-off-by: Peter Enderborg 
---
 security/selinux/ss/hashtab.c  |   1 -
 security/selinux/ss/policydb.c |  48 +++
 security/selinux/ss/policydb.h |   6 +-
 security/selinux/ss/services.c | 292 +++--
 security/selinux/ss/services.h |  12 +-
 5 files changed, 226 insertions(+), 133 deletions(-)

diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 0944b1f8060e..967b6e3d25c6 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -44,7 +44,6 @@ int hashtab_insert(struct hashtab *h, void *key, void *datum)
u32 hvalue;
struct hashtab_node *prev, *cur, *newnode;
 
-   cond_resched();
 
if (!h || h->nel == HASHTAB_MAX_NODES)
return -EINVAL;
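Review bot: removing `cond_resched()` leaves two consecutive blank lines between the declarations and `if (!h || h->nel == HASHTAB_MAX_NODES)`; drop one of them. The commit message explains that the call has to go because the function will run under an RCU read lock, but it should also say whether the callers that build large tables at policy-load time still get a scheduling point somewhere else.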
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 2a0e21d8c275..93d134d057a7 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -3535,3 +3535,51 @@ int policydb_write(struct policydb *p, void *fp)
 
return 0;
 }
+
+int policydb_flattened_alloc(struct policydb *db, void **tmpbuf, size_t *size)
+{
+   int rc = 0;
+
+   *size = db->len;
+   *tmpbuf = vmalloc(*size);
+
+   if (!*tmpbuf) {
+   rc = -ENOMEM;
+   printk(KERN_ERR "SELinux: vmalloc failed for %ld\n", *size);
+   }
+   return rc;
+}
+
+int policydb_flattened_free(void *tmpbuf)
+{
+   vfree(tmpbuf);
+   return 0;
+}
+
+int policydb_copy(struct policydb *olddb, struct policydb *newdb,
+ void **tmpstorage, size_t size)
+{
+   struct policy_file fp;
+   void *data = *tmpstorage;
+   int rc;
+
+   if (size != olddb->len) {
+   rc = -EAGAIN;
+   goto out;
+   }
+   fp.data = data;
+   fp.len = size;
+   rc = policydb_write(olddb, );
+   if (rc)
+   goto out;
+
+   fp.len = size;
+   fp.data = data;
+   rc = policydb_read(newdb, );
+   if (rc)
+   goto out;
+
+   newdb->len = size;
+out:
+   return rc;
+}
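Review bot: in `policydb_flattened_alloc` the format `%ld` does not match `*size`, which is a `size_t`; use `%zu` (and `pr_err` is the current kernel spelling of `printk(KERN_ERR ...)`). `policydb_flattened_free` unconditionally returns 0, so it could be `void` or callers could just `vfree`. In `policydb_copy`, `fp.data`/`fp.len` are assigned the same values before both `policydb_write` and `policydb_read`; if the write advances them the second assignment is a reset and deserves a comment, otherwise one of the pairs is redundant. The `-EAGAIN` for a size mismatch is a "policy changed, retry" signal that callers have to understand, which is worth a comment at the top of the function.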
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 215f8f30ac5a..3e2f86b5b674 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -320,7 +320,11 @@ extern int policydb_type_isvalid(struct policydb *p, 
unsigned int type);
 extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
 extern int policydb_read(struct policydb *p, void *fp);
 extern int policydb_write(struct policydb *p, void *fp);
-
+extern int policydb_copy(struct policydb *olddb, struct policydb *newdb,
+void **tmpstorage, size_t size);
+extern int policydb_flattened_alloc(struct policydb *db,
+   void **tmpbuf, size_t *size);
+extern int policydb_flattened_free(void *tmpbuf);
 #define PERM_SYMTAB_SIZE 32
 
 #define POLICYDB_CONFIG_MLS1
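Review bot: the hunk replaces the blank line after `policydb_write` with the three new prototypes, so `extern int policydb_flattened_free(void *tmpbuf);` now runs directly into `#define PERM_SYMTAB_SIZE 32`; keep a blank line between the prototypes and the macro block.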
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8057e19dc15f..4f3ce389084c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -86,6 +86,10 @@ void selinux_ss_init(struct selinux_ss **ss)
 {
rwlock_init(_ss.policy_rwlock);
mutex_init(_ss.status_lock);
+   selinux_ss.active_set = kzalloc(sizeof(struct selinux_ruleset),
+   GFP_KERNEL);
+   selinux_ss.active_set->sidtab = kzalloc(sizeof(struct sidtab),
+   GFP_KERNEL);
*ss = _ss;
 }
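Review bot: both `kzalloc` calls in `selinux_ss_init` are unchecked, and the second one dereferences `selinux_ss.active_set` immediately, so a NULL return from the first would oops during init. Check each result: either make the function report an error to its caller, or fail explicitly with a message that says why, and free `active_set` if the `sidtab` allocation fails.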
 
@@ -249,7 +253,7 @@ static void map_decision(struct selinux_map *map,
 
 int security_mls_enabled(struct selinux_state *state)
 {
-   struct policydb *p = >ss->policydb;
+   struct policydb *p = >ss->active_set->policydb;
 
return p->mls_enabled;
 }
@@ -733,7 +737,7 @@ static int security_validtrans_handle_fail(struct 
selinux_state *state,
   struct context *tcontext,
   u16 tclass)
 {
-   struct policydb *p = >ss->policydb;
+   struct policydb *p = >ss->active_set->policydb;
char *o = NULL, *n = NULL, *t = NULL;
u32 olen, nlen, tlen;
 
@@ -777,11 +781,11 @@ static int security_compute_validatetrans(struct 
selinux_state *state,
 
read_lock(>ss->policy_rwlock);
 
-   policydb = >ss->policydb;
-   sidtab = >ss->sidtab;
+   policydb = >ss->active_set->policydb;
+   sidtab = state->ss->active_set->sidtab;
 
 

[PATCH V3 1/5 selinux-next] selinux: Make allocation atomic in policydb objects functions.

2018-05-30 Thread Peter Enderborg
From: peter 

As preparation for RCU the allocations need to be atomic;
there are a lot of them, so they are all done in this patch.

Signed-off-by: Peter Enderborg 
---
 security/selinux/ss/avtab.c   |   8 +--
 security/selinux/ss/conditional.c |  14 ++---
 security/selinux/ss/ebitmap.c |   3 +-
 security/selinux/ss/hashtab.c |   6 +--
 security/selinux/ss/policydb.c| 104 +++---
 5 files changed, 69 insertions(+), 66 deletions(-)

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index a2c9148b0662..1114a308aa94 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -72,13 +72,13 @@ avtab_insert_node(struct avtab *h, int hvalue,
 {
struct avtab_node *newnode;
struct avtab_extended_perms *xperms;
-   newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
+   newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_ATOMIC);
if (newnode == NULL)
return NULL;
newnode->key = *key;
 
if (key->specified & AVTAB_XPERMS) {
-   xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_KERNEL);
+   xperms = kmem_cache_zalloc(avtab_xperms_cachep, GFP_ATOMIC);
if (xperms == NULL) {
kmem_cache_free(avtab_node_cachep, newnode);
return NULL;
@@ -95,7 +95,7 @@ avtab_insert_node(struct avtab *h, int hvalue,
} else {
newnode->next = flex_array_get_ptr(h->htable, hvalue);
if (flex_array_put_ptr(h->htable, hvalue, newnode,
-  GFP_KERNEL|__GFP_ZERO)) {
+  GFP_ATOMIC|__GFP_ZERO)) {
kmem_cache_free(avtab_node_cachep, newnode);
return NULL;
}
@@ -330,7 +330,7 @@ int avtab_alloc(struct avtab *h, u32 nrules)
mask = nslot - 1;
 
h->htable = flex_array_alloc(sizeof(struct avtab_node *), nslot,
-GFP_KERNEL | __GFP_ZERO);
+GFP_ATOMIC | __GFP_ZERO);
if (!h->htable)
return -ENOMEM;
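Review bot: `avtab_alloc` sizes the flex array from `nrules`, so for a large policy this is one of the biggest allocations in the loader, and `GFP_ATOMIC` can neither reclaim nor sleep, making `-ENOMEM` far more likely here than with `GFP_KERNEL`. Since this is patch 1/5 and the RCU switch only comes later in the series, it would be clearer to convert only the allocations that actually end up inside the RCU read-side section, or to pass a gfp flag through so policy load from process context keeps `GFP_KERNEL`.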
 
diff --git a/security/selinux/ss/conditional.c 
b/security/selinux/ss/conditional.c
index c91543a617ac..a09c8a8e9472 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -178,7 +178,7 @@ int cond_init_bool_indexes(struct policydb *p)
kfree(p->bool_val_to_struct);
p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim,
  sizeof(*p->bool_val_to_struct),
- GFP_KERNEL);
+ GFP_ATOMIC);
if (!p->bool_val_to_struct)
return -ENOMEM;
return 0;
@@ -205,7 +205,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
 
fa = p->sym_val_to_name[SYM_BOOLS];
if (flex_array_put_ptr(fa, booldatum->value - 1, key,
-  GFP_KERNEL | __GFP_ZERO))
+  GFP_ATOMIC | __GFP_ZERO))
BUG();
p->bool_val_to_struct[booldatum->value - 1] = booldatum;
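Review bot: with `GFP_ATOMIC` the `flex_array_put_ptr` in `cond_index_bool` fails more readily under memory pressure, and the visible failure path is `BUG()`; a policy load should not be able to crash the kernel on an allocation failure, so either leave this call at `GFP_KERNEL` or return `-ENOMEM` instead of `BUG()`.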
 
@@ -227,7 +227,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, 
void *fp)
u32 len;
int rc;
 
-   booldatum = kzalloc(sizeof(*booldatum), GFP_KERNEL);
+   booldatum = kzalloc(sizeof(*booldatum), GFP_ATOMIC);
if (!booldatum)
return -ENOMEM;
 
@@ -247,7 +247,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, 
void *fp)
goto err;
 
rc = -ENOMEM;
-   key = kmalloc(len + 1, GFP_KERNEL);
+   key = kmalloc(len + 1, GFP_ATOMIC);
if (!key)
goto err;
rc = next_entry(key, fp, len);
@@ -332,7 +332,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key 
*k, struct avtab_datum
goto err;
}
 
-   list = kzalloc(sizeof(*list), GFP_KERNEL);
+   list = kzalloc(sizeof(*list), GFP_ATOMIC);
if (!list) {
rc = -ENOMEM;
goto err;
@@ -420,7 +420,7 @@ static int cond_read_node(struct policydb *p, struct 
cond_node *node, void *fp)
goto err;
 
rc = -ENOMEM;
-   expr = kzalloc(sizeof(*expr), GFP_KERNEL);
+   expr = kzalloc(sizeof(*expr), GFP_ATOMIC);
if (!expr)
goto err;
 
@@ -471,7 +471,7 @@ int cond_read_list(struct policydb *p, void *fp)
 
for (i = 0; i < len; i++) {
rc = -ENOMEM;
-   node = kzalloc(sizeof(*node), GFP_KERNEL);
+   node = kzalloc(sizeof(*node), GFP_ATOMIC);
if (!node)
goto err;
 
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 5ae8c61b75bf..a49fabe6f744 100644
--- a/security/selinux/ss/ebitmap.c
+++ 

[PATCH V3 0/5] selinux:Significant reduce of preempt_disable holds

2018-05-30 Thread Peter Enderborg
Holding preempt_disable is very bad for low-latency tasks
such as audio, and therefore we need to break out the rule-set dependent
part from this disable. By using RCU instead of a rwlock we
have efficient locking and less preemption interference.

SELinux uses a lot of read_locks. This patch replaces the rwlock
with RCU, which does not hold preempt_disable.

On an Intel Xeon W3520 2.67 GHz running FC27 with 4.15.0-rc9git (+measurement)
I get preempt_disable of about 1.2ms in security_compute_av().
With the patch I get 960us as the longest security_compute_av()
without preempt disabled. There is a lot of noise in the measurement,
but it is not likely a degradation.

And the preempt_disable times are also very dependent on the SELinux
rule-set.

In security_get_user_sids() we have two nested for-loops, and the
inner part calls sidtab_context_to_sid(), which calls
sidtab_search_context(), which has a for loop over a while loop where
the loops are dependent on the rules.

On the test system the average lookup time is 60us and does
not change with the introduced RCU usage.

The boolean change becomes a lot heavier with this patch,
but it is a very rare operation compared with read-only operations.
The lock held during a policydb_copy is about 1ms on a Xeon.

To use RCU the policydb structure has to be accessed through a pointer.
We need 5 patches to get there.
 
[PATCH V3 1/5 selinux-next] selinux: Make allocation atomic in policydb objects
functions.
This patch changes the allocation for policydb objects. They are in their own patch
to make the complicated part easier to read.

[PATCH V3 2/5 selinux-next] selinux: Introduce selinux_ruleset struct
This makes the access for the rule evaluation go through a single pointer.

[PATCH V3 3/5 selinux-next] selinux: sidtab_clone switch to use rwlock.
We need to make sidtab copies, so this patch changes the locks to a rwlock
and creates a copy function.

[PATCH V3 4/5 selinux-next] selinux: seqno separation
This patch adds separation of the read and write and uses
the pointer to switch rule set. It uses seqno for error handling
since there is a possibility of multiple accesses.

[PATCH V3 5/5 selinux-next] selinux: Switch to rcu read locks for avc_compute
All the preparation is done, so this patch does the change of locks to RCU.

History:
V1 rwsem
V2 did not handle all policydb objects, solved with the policydb_copy;
   did not handle sidtab for booleans, I think this one does; however
   shutdown is not used but not removed.
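The seqno check that the cover letter describes for patch 4/5 (record the seqno in the read section, reject the later write with -EAGAIN if a rule-set switch happened in between), modelled in userspace C as an added example; this is not code from the series, and the struct names, the single-threaded interleaving and the boolean values are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>

/* Constructed userspace model (not kernel code) of the seqno check from
 * the cover letter: a reader records the seqno of the rule set it used,
 * and the later write is applied only if no policy switch happened. */
struct ruleset {
	unsigned int bools;	/* bitmask standing in for the policy booleans */
};

struct ss_model {
	struct ruleset *active_set;	/* the single pointer readers go through */
	uint32_t latest_granting;	/* bumped on every rule-set switch */
};

/* Read section: snapshot the booleans and return the seqno seen. */
static uint32_t read_section(const struct ss_model *ss, unsigned int *bools)
{
	*bools = ss->active_set->bools;
	return ss->latest_granting;
}

/* Writer: install another rule set and bump the seqno (a policy load). */
static void switch_ruleset(struct ss_model *ss, struct ruleset *next)
{
	ss->active_set = next;
	ss->latest_granting++;
}

/* Write section: refuse with -EAGAIN if the seqno moved since the read. */
static int write_section(struct ss_model *ss, uint32_t seen_seqno,
			 struct ruleset *next, unsigned int new_bools)
{
	if (ss->latest_granting != seen_seqno)
		return -EAGAIN;
	next->bools = new_bools;
	switch_ruleset(ss, next);
	return 0;
}

/* Boolean update; with reload_in_between set, a policy load interleaves
 * between the read and the write section, which is the race the seqno
 * guards against.  Returns 0 on success or -EAGAIN. */
static int run_scenario(int reload_in_between)
{
	struct ruleset base = { 0x1 }, reloaded = { 0x1 }, next = { 0 };
	struct ss_model ss = { &base, 1 };
	unsigned int bools;
	uint32_t seqno = read_section(&ss, &bools);

	if (reload_in_between)
		switch_ruleset(&ss, &reloaded);
	return write_section(&ss, seqno, &next, bools | 0x2);
}
```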




[PATCH V3 5/5 selinux-next] selinux: Switch to rcu read locks for avc_compute

2018-05-30 Thread Peter Enderborg
To be able to preempt avc_compute we need preemptible
locks; this patch switches the rwlock reads to rcu_read_lock.

Signed-off-by: Peter Enderborg 
---
 security/selinux/ss/services.c | 152 +
 security/selinux/ss/services.h |   2 +-
 2 files changed, 79 insertions(+), 75 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 954ebe490516..a9aa863c47a3 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -84,7 +84,7 @@ static struct selinux_ss selinux_ss;
 
 void selinux_ss_init(struct selinux_ss **ss)
 {
-   rwlock_init(_ss.policy_rwlock);
+   spin_lock_init(_ss.policy_lock);
mutex_init(_ss.status_lock);
selinux_ss.active_set = kzalloc(sizeof(struct selinux_ruleset),
GFP_KERNEL);
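Review bot: replacing the rwlock with `spin_lock_init(&selinux_ss.policy_lock)` and putting rcu_read_lock() on the readers is only safe if the writer publishes the new active_set with rcu_assign_pointer() and delays freeing the old set until after synchronize_rcu() or call_rcu(); neither appears in the hunks shown here, and the readers below still dereference state->ss->active_set directly. Please show the writer side (security_load_policy, security_set_bools) in the same patch, since the RCU readers are not correct without it.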
@@ -779,7 +779,7 @@ static int security_compute_validatetrans(struct 
selinux_state *state,
if (!state->initialized)
return 0;
 
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
 
policydb = >ss->active_set->policydb;
sidtab = state->ss->active_set->sidtab;
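Review bot: `policydb = &state->ss->active_set->policydb;` inside the rcu_read_lock() section reads active_set as a plain pointer; it needs rcu_dereference() so the compiler and CPU ordering guarantees apply, and the same holds for every read-side hunk in this file. Fetch the rule set once (for example `set = rcu_dereference(state->ss->active_set);`) and take policydb, sidtab and map from that single snapshot.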
@@ -837,7 +837,7 @@ static int security_compute_validatetrans(struct 
selinux_state *state,
}
 
 out:
-   read_unlock(>ss->policy_rwlock);
+   rcu_read_unlock();
return rc;
 }
 
@@ -879,7 +879,7 @@ int security_bounded_transition(struct selinux_state *state,
if (!state->initialized)
return 0;
 
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
 
policydb = >ss->active_set->policydb;
sidtab = state->ss->active_set->sidtab;
@@ -944,7 +944,7 @@ int security_bounded_transition(struct selinux_state *state,
kfree(old_name);
}
 out:
-   read_unlock(>ss->policy_rwlock);
+   rcu_read_unlock();
 
return rc;
 }
@@ -1035,7 +1035,7 @@ void security_compute_xperms_decision(struct 
selinux_state *state,
memset(xpermd->auditallow->p, 0, sizeof(xpermd->auditallow->p));
memset(xpermd->dontaudit->p, 0, sizeof(xpermd->dontaudit->p));
 
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
if (!state->initialized)
goto allow;
 
@@ -1092,7 +1092,7 @@ void security_compute_xperms_decision(struct 
selinux_state *state,
}
}
 out:
-   read_unlock(>ss->policy_rwlock);
+   rcu_read_unlock();
return;
 allow:
memset(xpermd->allowed->p, 0xff, sizeof(xpermd->allowed->p));
@@ -1122,7 +1122,7 @@ void security_compute_av(struct selinux_state *state,
u16 tclass;
struct context *scontext = NULL, *tcontext = NULL;
 
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
avd_init(state, avd);
xperms->len = 0;
if (!state->initialized)
@@ -1160,7 +1160,7 @@ void security_compute_av(struct selinux_state *state,
map_decision(>ss->active_set->map, orig_tclass, avd,
 policydb->allow_unknown);
 out:
-   read_unlock(>ss->policy_rwlock);
+   rcu_read_unlock();
return;
 allow:
avd->allowed = 0x;
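Review bot: `map_decision(&state->ss->active_set->map, ...)` reads active_set a second time inside the same read section, after policydb was taken from an earlier read; if a writer switches the pointer in between, avd is computed against one policydb and mapped with another set's class map. Take active_set once at the top of security_compute_av and reuse it for policydb, sidtab and map.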
@@ -1177,7 +1177,7 @@ void security_compute_av_user(struct selinux_state *state,
struct sidtab *sidtab;
struct context *scontext = NULL, *tcontext = NULL;
 
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
avd_init(state, avd);
if (!state->initialized)
goto allow;
@@ -1212,7 +1212,7 @@ void security_compute_av_user(struct selinux_state *state,
context_struct_compute_av(policydb, scontext, tcontext, tclass, avd,
  NULL);
  out:
-   read_unlock(>ss->policy_rwlock);
+   rcu_read_unlock();
return;
 allow:
avd->allowed = 0x;
@@ -1319,7 +1319,7 @@ static int security_sid_to_context_core(struct 
selinux_state *state,
rc = -EINVAL;
goto out;
}
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
policydb = >ss->active_set->policydb;
sidtab = state->ss->active_set->sidtab;
if (force)
@@ -1335,7 +1335,7 @@ static int security_sid_to_context_core(struct 
selinux_state *state,
rc = context_struct_to_string(policydb, context, scontext,
  scontext_len);
 out_unlock:
-   read_unlock(>ss->policy_rwlock);
+   rcu_read_unlock();
 out:
return rc;
 
@@ -1491,7 +1491,7 @@ static int security_context_to_sid_core(struct 
selinux_state *state,
if (!str)
goto out;
}
-   read_lock(>ss->policy_rwlock);
+   rcu_read_lock();
policydb = >ss->active_set->policydb;
sidtab = state->ss->active_set->sidtab;
rc = string_to_context_struct(policydb, sidtab, scontext2,
@@ -1505,7 +1505,7 @@ static int security_context_to_sid_core(struct 
selinux_state *state,
rc = 

[PATCH V3 3/5 selinux-next] selinux: sidtab_clone switch to use rwlock.

2018-05-30 Thread Peter Enderborg
We need a copy of sidtabs, so change the generic sidtab_clone
away from a function pointer and let it use a read rwlock while
doing the clone.

Signed-off-by: Peter Enderborg 
---
 security/selinux/ss/services.c | 20 +---
 security/selinux/ss/sidtab.c   | 39 ---
 security/selinux/ss/sidtab.h   |  3 ++-
 3 files changed, 35 insertions(+), 27 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4f3ce389084c..2be471d72c85 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1891,19 +1891,6 @@ int security_change_sid(struct selinux_state *state,
out_sid, false);
 }
 
-/* Clone the SID into the new SID table. */
-static int clone_sid(u32 sid,
-struct context *context,
-void *arg)
-{
-   struct sidtab *s = arg;
-
-   if (sid > SECINITSID_NUM)
-   return sidtab_insert(s, sid, context);
-   else
-   return 0;
-}
-
 static inline int convert_context_handle_invalid_context(
struct selinux_state *state,
struct context *context)
@@ -2199,10 +2186,7 @@ int security_load_policy(struct selinux_state *state, 
void *data, size_t len)
goto err;
}
 
-   /* Clone the SID table. */
-   sidtab_shutdown(old_set->sidtab);
-
-   rc = sidtab_map(old_set->sidtab, clone_sid, next_set->sidtab);
+   rc = sidtab_clone(old_set->sidtab, next_set->sidtab);
if (rc)
goto err;
 
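Review bot: the `sidtab_shutdown(old_set->sidtab)` call is dropped before the clone, so a SID created in the old table by sidtab_context_to_sid after sidtab_clone has passed that bucket will be missing from next_set->sidtab. The cover letter admits shutdown is "not used but not removed"; either keep the shutdown so the old table rejects new SIDs during the switch, or explain how a late allocation is handled.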
@@ -2926,8 +2910,6 @@ int security_set_bools(struct selinux_state *state, int 
len, int *values)
goto out;
}
 
-   seqno = ++state->ss->latest_granting;
-   state->ss->active_set = next_set;
rc = 0;
 out:
if (!rc) {
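Review bot: removing `seqno = ++state->ss->latest_granting;` and the active_set switch from security_set_bools leaves seqno unset on this path, and the `if (!rc) {` block that follows (outside the hunk) presumably still passes it on; the change is also not mentioned in the commit message, which only talks about sidtab_clone. Move it into the seqno patch (4/5) or document why it belongs here.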
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index 5be31b7af225..811503cd7c2b 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -27,7 +27,7 @@ int sidtab_init(struct sidtab *s)
s->nel = 0;
s->next_sid = 1;
s->shutdown = 0;
-   spin_lock_init(>lock);
+   rwlock_init(>lock);
return 0;
 }
 
@@ -116,6 +116,31 @@ struct context *sidtab_search_force(struct sidtab *s, u32 
sid)
return sidtab_search_core(s, sid, 1);
 }
 
+int sidtab_clone(struct sidtab *s, struct sidtab *d)
+{
+   int i, rc = 0;
+   struct sidtab_node *cur;
+
+   if (!s || !d)
+   goto errout;
+
+   read_lock(>lock);
+   for (i = 0; i < SIDTAB_SIZE; i++) {
+   cur = s->htable[i];
+   while (cur) {
+   if (cur->sid > SECINITSID_NUM)
+   rc =  sidtab_insert(d, cur->sid, >context);
+   if (rc)
+   goto out;
+   cur = cur->next;
+   }
+   }
+out:
+   read_unlock(>lock);
+errout:
+   return rc;
+}
+
 int sidtab_map(struct sidtab *s,
   int (*apply) (u32 sid,
 struct context *context,
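Review bot: in sidtab_clone, `if (!s || !d) goto errout;` returns rc == 0, so a NULL table silently reports success; set rc = -EINVAL before the jump. Also, `sidtab_insert(d, cur->sid, &cur->context)` allocates while s->lock is held for reading, so it must not sleep (check its gfp flags), and `rc =  sidtab_insert(...)` has a double space.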
@@ -202,7 +227,7 @@ int sidtab_context_to_sid(struct sidtab *s,
if (!sid)
sid = sidtab_search_context(s, context);
if (!sid) {
-   spin_lock_irqsave(>lock, flags);
+   write_lock_irqsave(>lock, flags);
/* Rescan now that we hold the lock. */
sid = sidtab_search_context(s, context);
if (sid)
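Review bot: the rescan `sid = sidtab_search_context(s, context);` under write_lock_irqsave still pairs with a lockless first search before the lock, unchanged from the spinlock version; that is fine, but the commit message should say that the new read side of the rwlock is taken only by sidtab_clone and that the lookup paths remain lockless as before.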
@@ -221,7 +246,7 @@ int sidtab_context_to_sid(struct sidtab *s,
if (ret)
s->next_sid--;
 unlock_out:
-   spin_unlock_irqrestore(>lock, flags);
+   write_unlock_irqrestore(>lock, flags);
}
 
if (ret)
@@ -287,21 +312,21 @@ void sidtab_set(struct sidtab *dst, struct sidtab *src)
unsigned long flags;
int i;
 
-   spin_lock_irqsave(>lock, flags);
+   write_lock_irqsave(>lock, flags);
dst->htable = src->htable;
dst->nel = src->nel;
dst->next_sid = src->next_sid;
dst->shutdown = 0;
for (i = 0; i < SIDTAB_CACHE_LEN; i++)
dst->cache[i] = NULL;
-   spin_unlock_irqrestore(>lock, flags);
+   write_unlock_irqrestore(>lock, flags);
 }
 
 void sidtab_shutdown(struct sidtab *s)
 {
unsigned long flags;
 
-   spin_lock_irqsave(>lock, flags);
+   write_lock_irqsave(>lock, flags);
s->shutdown = 1;
-   spin_unlock_irqrestore(>lock, flags);
+   write_unlock_irqrestore(>lock, flags);
 }
diff --git a/security/selinux/ss/sidtab.h b/security/selinux/ss/sidtab.h
index a1a1d2617b6f..6751f8bcbd66 100644
--- a/security/selinux/ss/sidtab.h
+++ b/security/selinux/ss/sidtab.h
@@ -29,7 +29,7 @@ struct sidtab {
unsigned char shutdown;
 #define SIDTAB_CACHE_LEN   3
struct sidtab_node *cache[SIDTAB_CACHE_LEN];
-   spinlock_t lock;
+   rwlock_t 

[PATCH V3 4/5 selinux-next] selinux: seqno separation

2018-05-30 Thread Peter Enderborg
This patch separates the locks for read and write, and
to be sure that they are using the same structure the
seqno is used. If the seqno is changed from the read to the
write section the function reports an EAGAIN error.

Signed-off-by: Peter Enderborg 
---
 security/selinux/ss/services.c | 143 -
 1 file changed, 98 insertions(+), 45 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2be471d72c85..954ebe490516 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2104,6 +2104,9 @@ int security_load_policy(struct selinux_state *state, 
void *data, size_t len)
u32 seqno;
int rc = 0;
struct selinux_ruleset *next_set, *old_set;
+   size_t size;
+   void *storage;
+   struct policydb *pdc;
struct policy_file file = { data, len }, *fp = 
 
next_set = kzalloc(sizeof(struct selinux_ruleset), GFP_KERNEL);
@@ -2111,14 +2114,15 @@ int security_load_policy(struct selinux_state *state, 
void *data, size_t len)
rc = -ENOMEM;
goto out;
}
+
next_set->sidtab = kzalloc(sizeof(struct sidtab), GFP_KERNEL);
if (!next_set->sidtab) {
rc = -ENOMEM;
-   kfree(next_set);
-   goto out;
+   goto nexterr;
}
 
if (!state->initialized) {
+   /* sidtab exist before inititalisation */
old_set = state->ss->active_set;
rc = policydb_read(_set->policydb, fp);
if (rc)
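Review bot: the added comment `/* sidtab exist before inititalisation */` has two typos (exists, initialisation), and the new `goto nexterr` replaces an explicit kfree(next_set) whose label is defined outside this hunk; confirm nexterr frees only next_set, since next_set->sidtab is still NULL at that point.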
@@ -2152,57 +2156,80 @@ int security_load_policy(struct selinux_state *state, 
void *data, size_t len)
kfree(old_set);
goto out;
}
+
+   pdc = kzalloc(sizeof(struct selinux_ruleset), GFP_KERNEL);
+   if (!pdc)
+   goto allocerr;
+
+   rc = policydb_flattened_alloc(>ss->active_set->policydb,
+ , );
+   if (rc)
+   goto pdcerr;
+
+   read_lock(>ss->policy_rwlock);
old_set = state->ss->active_set;
+   rc = policydb_copy(_set->policydb, pdc, , size);
+
+   /* save seq */
+   seqno = state->ss->latest_granting;
+
+   read_unlock(>ss->policy_rwlock);
+
+   policydb_flattened_free(storage);
+
+   if (rc)
+   goto cpyerr;
+
 #if 0
sidtab_hash_eval(sidtab, "sids");
 #endif
-
rc = policydb_read(_set->policydb, fp);
if (rc)
-   goto out;
+   goto cpyerr;
 
next_set->policydb.len = len;
 
/* If switching between different policy types, log MLS status */
-   if (old_set->policydb.mls_enabled && !next_set->policydb.mls_enabled)
+   if (pdc->mls_enabled && !next_set->policydb.mls_enabled)
printk(KERN_INFO "SELinux: Disabling MLS support...\n");
-   else if (!old_set->policydb.mls_enabled
+   else if (!pdc->mls_enabled
 && next_set->policydb.mls_enabled)
printk(KERN_INFO "SELinux: Enabling MLS support...\n");
+
rc = policydb_load_isids(_set->policydb, next_set->sidtab);
if (rc) {
printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
-   policydb_destroy(_set->policydb);
-   goto out;
+   goto cpyerr;
}
 
rc = selinux_set_mapping(_set->policydb, secclass_map, );
if (rc)
-   goto err;
+   goto loaderr;
 
rc = security_preserve_bools(state, _set->policydb);
if (rc) {
printk(KERN_ERR "SELinux:  unable to preserve booleans\n");
-   goto err;
+   goto maperr;
}
 
rc = sidtab_clone(old_set->sidtab, next_set->sidtab);
if (rc)
-   goto err;
+   goto maperr;
 
/*
 * Convert the internal representations of contexts
 * in the new SID table.
 */
args.state = state;
-   args.oldp = _set->policydb;
+   args.oldp = pdc;
args.newp = _set->policydb;
+
rc = sidtab_map(next_set->sidtab, convert_context, );
if (rc) {
printk(KERN_ERR "SELinux:  unable to convert the internal"
" representation of contexts in the new SID"
" table\n");
-   goto err;
+   goto maperr;
}
 
next_set->map.mapping = newmap.mapping;
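Review bot: `pdc = kzalloc(sizeof(struct selinux_ruleset), GFP_KERNEL);` allocates a struct selinux_ruleset for a `struct policydb *`; use sizeof(*pdc), and set rc = -ENOMEM before `goto allocerr`, since rc is still 0 on this path and the caller would see a successful load. The read_lock section now spans policydb_copy (about 1ms per the cover letter), which is presumably why 1/5 made the policydb allocations atomic; say so here, and consider whether the `#if 0 sidtab_hash_eval(...)` dead code should go while the function is being reworked.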
@@ -2210,30 +2237,44 @@ int security_load_policy(struct selinux_state *state, 
void *data, size_t len)
 
/* Install the new policydb and SID table. */
write_lock_irq(>ss->policy_rwlock);
-   security_load_policycaps(state, _set->policydb);
-   seqno = ++state->ss->latest_granting;
-   state->ss->active_set = next_set;
-   write_unlock_irq(>ss->policy_rwlock);
-
-   avc_ss_reset(state->avc, seqno);
-   selnl_notify_policyload(seqno);
-   

system-config-selinux requires root to run

2018-05-30 Thread Laurent Bigonville

Hello,

I was planning to re-add system-config-selinux in the Debian package now 
that it has been ported to GIR, Python 3 and GTK3.


But I realized that it requires root rights (via pkexec) to work.

The problem with that is that it doesn't work with Wayland.

Are there any plans to decouple (even more) the GUI and the backend that 
requires root?


Kind regards,

Laurent Bigonville

