From patchwork Thu Mar 17 19:29:51 2016
X-Patchwork-Submitter: Steve Lawrence
X-Patchwork-Id: 8614001
From: Steve Lawrence
To: SELinux List
Subject: [PATCH] libsepol/cil: fix bug when resetting class permission values
Date: Thu, 17 Mar 2016 15:29:51 -0400
Message-ID: <1458242991-25215-1-git-send-email-slawrence@tresys.com>

During resolution of classcommon statements (cil_resolve_classcommon), we
add the number of class common permissions to the values of the class
permissions. This way, the internal CIL values of the common permission
go from 0 to N, and the values of class permissions start at N+1 (where
N is the number of common permissions). When we reset a class due to
reresolve (cil_reset_class), we must then reverse this process by
subtracting the number of common permissions from the class permission
values.

However, there is a bug when resetting classes in which we subtract the
number of common permissions from the common permissions value rather
than the class permissions value. This means that class permissions
could be too high (since they are not reduced on reset) and common
permissions underflowed (since they are reduced, but should not be).

In most cases, this didn't actually matter since these permission values
aren't used when creating the binary. Additionally, we always access the
permissions via a hash table lookup or map, and then use whatever value
they have to set bits in bitmaps. As long as the bits in the bitmap match
the values, things work as expected.

However, the one case where these values do matter is if you use 'all'
in a class permission set. In this case, we enable bits 0 through number
of permissions in a bitmap. But because our permission values are all
mixed up, these enabled bits do not correspond to the permission values.
This results in making it look like no permissions were set in a class
permission set, and the rule is essentially ignored.

This patch fixes the bug so that the values of class permissions are
properly reset, allowing one to use 'all' in class permission sets in a
policy that reresolves.

Signed-off-by: Steve Lawrence
---
 libsepol/cil/src/cil_reset_ast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index 06146ca..de00679 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -23,7 +23,7 @@ static void cil_reset_class(struct cil_class *class) { if (class->common != NULL) { struct cil_class *common = class->common; - cil_symtab_map(&common->perms, __class_reset_perm_values, &common->num_perms); + cil_symtab_map(&class->perms, __class_reset_perm_values, &common->num_perms); /* during a re-resolve, we need to reset the common, so a classcommon * statement isn't seen as a duplicate */ class->num_perms -= common->num_perms;
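
Review bot: In cil_reset_class, the corrected cil_symtab_map(&class->perms, ...) call still has no comment saying what it undoes; the only comment in the block, after the call, is about the classcommon statement being seen as a duplicate. A one-line comment above the call stating that it subtracts common->num_perms from the class permission values, reversing what cil_resolve_classcommon added, would make the symtab argument harder to get wrong again. The diffstat shows only cil_reset_ast.c changing, so consider also adding a test policy that uses 'all' in a class permission set and forces a re-resolve, the one case the commit message says exposes the wrong values.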