From patchwork Fri Jun  3 15:09:25 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joshua Brindle <brindle@quarksecurity.com>
X-Patchwork-Id: 9153337
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	DEF456074E for <patchwork-selinux@patchwork.kernel.org>;
	Fri,  3 Jun 2016 15:21:54 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D11AF26C9B
	for <patchwork-selinux@patchwork.kernel.org>;
	Fri,  3 Jun 2016 15:21:54 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C613F28304; Fri,  3 Jun 2016 15:21:54 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	T_DKIM_INVALID autolearn=no version=3.3.1
Received: from emsm-gh1-uea11.nsa.gov (emsm-gh1-uea11.nsa.gov [8.44.101.9])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 216ED26C9B
	for <patchwork-selinux@patchwork.kernel.org>;
	Fri,  3 Jun 2016 15:21:53 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.26,412,1459814400"; d="scan'208";a="16633166"
IronPort-PHdr: =?us-ascii?q?9a23=3A2THQIBbPgKShMR2wwi7Kzyz/LSx+4OfEezUN459i?=
	=?us-ascii?q?sYplN5qZpcu4bnLW6fgltlLVR4KTs6sC0LqH9f67Ejxbqb+681k8M7V0Hycfjs?=
	=?us-ascii?q?sXmwFySOWkMmbcaMDQUiohAc5ZX0Vk9XzoeWJcGcL5ekGA6ibqtW1aJBzzOEJP?=
	=?us-ascii?q?K/jvHcaK1oLsh7H0pcaYM14ArQH+SI0xBS3+lR/WuMgSjNkqAYcK4TyNnEF1ff?=
	=?us-ascii?q?9Lz3hjP1OZkkW0zM6x+Jl+73YY4Kp5pIZ9S6GyQ4AUBfwdVWxnYCgJ45jwuB3C?=
	=?us-ascii?q?Sxafri8HX2EXlAdYKxTU5xH9GJHqu231sfQriweAOsijb7cvWSmrp41xSRnkjC?=
	=?us-ascii?q?pPYzQj8WfbjsFYlb9SuhG6qhdi2Y/IcceeM/8oLfCVRs8TWWcUBpUZbCdGGI7p?=
	=?us-ascii?q?KtJXAg=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2F9AwA7n1FX/wHyM5BcgzqBU7xHIoc0TAEBAQEBAQICYie?=
	=?us-ascii?q?CMH4sCEgBHQEEAg8oBgEBDCAMAgMJAhcpCAgDAS0DAQUBCxcICwUYBAGIDaNeg?=
	=?us-ascii?q?TE+MYpUhSgBAQWNEAgQhAuKaxEBhXaYSo4miTElhUSOEzCBD1SBQoJIUohdgTU?=
	=?us-ascii?q?BAQE?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	03 Jun 2016 15:21:46 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u53FKw6g017288;
	Fri, 3 Jun 2016 11:21:09 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u53F9c1W081894 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Fri, 3 Jun 2016 11:09:38 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u53F9Yed015535
	for <selinux@tycho.nsa.gov>; Fri, 3 Jun 2016 11:09:37 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1DVAQCpnFFXfS7AVdFchQ24SYQIhhKBOEwBAQEBAQETAQEJCwsJIYR3ARUuAQE3AYEUAQUBIhMiiA2jW4ExPjGKVIUoAQEFjGYBAQgfCBCEC5BzmEqOJokxhWmOEzCBD4JOghBSihIBAQE
X-IPAS-Result: 
 A1DVAQCpnFFXfS7AVdFchQ24SYQIhhKBOEwBAQEBAQETAQEJCwsJIYR3ARUuAQE3AYEUAQUBIhMiiA2jW4ExPjGKVIUoAQEFjGYBAQgfCBCEC5BzmEqOJokxhWmOEzCBD4JOghBSihIBAQE
X-IronPort-AV: E=Sophos;i="5.26,412,1459828800"; d="scan'208";a="5488253"
Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov)
	([10.208.41.36])
	by goalie.tycho.ncsc.mil with ESMTP; 03 Jun 2016 11:09:33 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3AGHXWMxcxmIkBDd1wWKYmtW3slGMj4u6mDksu8pMi?=
	=?us-ascii?q?zoh2WeGdxc6/Yx7h7PlgxGXEQZ/co6odzbGG4ua+AidQut6oizMrTt9lb1c9k8?=
	=?us-ascii?q?IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUiv2OQc9?=
	=?us-ascii?q?HOnpAIma153xjLDjvcOIKFUTzBOGIppMbzyO5T3LsccXhYYwYo0Q8TDu5kVyRu?=
	=?us-ascii?q?JN2GlzLkiSlRuvru25/Zpk7jgC86l5r50IAu3GePEjQLhZCik2ezQu6cnqswTT?=
	=?us-ascii?q?ZRee7XsbFGMNm1xHBBaTvz/gWZKkkCzhtvd0kAOAPMv6Sb18DT647qFnTBLAkT?=
	=?us-ascii?q?oOLT0i/WrKkM1sneRQpxf39E83+JLdfIzAbKk2RajaZ95PHWc=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GoAQB3nFFXfS7AVdFchQ24SYQIhhKBO?=
	=?us-ascii?q?EwBAQEBAQECAg8BAQkLCwkhL4IwfiwISAEBHAEVLgEBNwGBFAEFASITIogNo16?=
	=?us-ascii?q?BMT4xilSFKAEBBYxmAQEIHwgQhAuQc5hKjiaJMYVpjhMwgQ+CToIQUooSAQEB?=
X-IPAS-Result: =?us-ascii?q?A0GoAQB3nFFXfS7AVdFchQ24SYQIhhKBOEwBAQEBAQECAg8?=
	=?us-ascii?q?BAQkLCwkhL4IwfiwISAEBHAEVLgEBNwGBFAEFASITIogNo16BMT4xilSFKAEBB?=
	=?us-ascii?q?YxmAQEIHwgQhAuQc5hKjiaJMYVpjhMwgQ+CToIQUooSAQEB?=
X-IronPort-AV: E=Sophos;i="5.26,412,1459814400"; d="scan'208";a="14310860"
Received: from mail-qg0-f46.google.com ([209.85.192.46])
	by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/AES128-GCM-SHA256;
	03 Jun 2016 15:09:33 +0000
Received: by mail-qg0-f46.google.com with SMTP id q32so13030915qgq.3
	for <selinux@tycho.nsa.gov>; Fri, 03 Jun 2016 08:09:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=quarksecurity.com; s=google;
	h=from:to:cc:subject:date:message-id;
	bh=05jOZ+IiQkZGReP8BcFWe3+I2UixxHeDqjqwqseskp0=;
	b=J/Rnt+awFLVFTzrplasNZnEPz3vtmXU45/dk/w0xdMu50Cw1kEp7PiE8x4YQ+tQ5kD
	96lnpOIUjGfYA3Kanqfvq1lSi265+x0IGaY0q0kN1WWquv8LsMa1KP1ZF3HkLrOpNx08
	2XCQ4d9cswttLUwVo7tOiffxBT6fK03HsXJWs=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=05jOZ+IiQkZGReP8BcFWe3+I2UixxHeDqjqwqseskp0=;
	b=HAD7Gss0dkwEmxt0WxUFGF9ttEko9OdLcfyNzRouezVfyPfe47BsGnm1Pg3S5WrJd2
	R12goWWsKCpDWleI49FBd204Ic+hb9FbE5zNHMPktBskkt4balFE3SeWByZg+LifzEyu
	A0yxOwcDnSWlGqF4UdZnBiC6LhaBK0ZAMjuIxWsqzuK5dxBkF8muGDm2K/zFeCRjsPiu
	65Tm9gmpw/Nl8qxAZCjnfm0Kt5T/s6XL2/2PEUbhdMHuOybT5SKD3gncpzWCDi+9NM8T
	kCbdS4tJwVm3uVcufNupiH1wBdHGuomZNuqwsTFfqE9KVWABlk0J/DcIoM9km2gzh/WO
	fgWQ==
X-Gm-Message-State: 
 ALyK8tLM67j4OLj8o/N2WjHge0xOGK8m+QQr7ytDwYhJl68/jMUydsVjBMf+OrMgx6s2Fj2J
X-Received: by 10.140.41.200 with SMTP id z66mr3583570qgz.20.1464966572310;
	Fri, 03 Jun 2016 08:09:32 -0700 (PDT)
Received: from charmzilla.localdomain ([50.253.7.1])
	by smtp.gmail.com with ESMTPSA id
	96sm1157940qkz.5.2016.06.03.08.09.31
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 03 Jun 2016 08:09:31 -0700 (PDT)
From: Joshua Brindle <brindle@quarksecurity.com>
To: selinux <selinux@tycho.nsa.gov>
Subject: [PATCH 1/2] Modify audit2why analyze function to use loaded policy
Date: Fri,  3 Jun 2016 11:09:25 -0400
Message-Id: <1464966566-14597-1-git-send-email-brindle@quarksecurity.com>
X-Mailer: git-send-email 2.1.0
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
MIME-Version: 1.0
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

Class and perms should come from the policy being used for analysis,
not the system policy so use sepol_ interfaces

Change-Id: Ia0590ed2514249fd98810a8d4fe87f8bf5280561
Signed-off-by: Joshua Brindle <brindle@quarksecurity.com>
---
 libselinux/src/audit2why.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 12745b3..abe1701 100644
--- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c
@@ -343,8 +343,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 	if (rc < 0)
 		RETURN(BADTCON)
 
-	tclass = string_to_security_class(tclassstr);
-	if (!tclass)
+	rc = sepol_string_to_security_class(tclassstr, &tclass);
+	if (rc < 0)
 		RETURN(BADTCLASS)
 
 	/* Convert the permission list to an AV. */
@@ -365,8 +365,8 @@ static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args
 		permstr = PyString_AsString( strObj );
 #endif
 		
-		perm = string_to_av_perm(tclass, permstr);
-		if (!perm)
+		rc = sepol_string_to_av_perm(tclass, permstr, &perm);
+		if (rc < 0)
 			RETURN(BADPERM)
 
 		av |= perm;