From patchwork Tue Aug 23 15:21:22 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Guido Trentalancia
X-Patchwork-Id: 9295859
Message-ID: <1471965682.30659.22.camel@trentalancia.net>
Subject: [PATCH] Update libsepol to support the policy capability for AF_ALG sockets
From: Guido Trentalancia
To: Stephen Smalley, Paul Moore
Date: Tue, 23 Aug 2016 17:21:22 +0200
In-Reply-To: <082767a3-acab-4d46-6195-06e35251d53e@tycho.nsa.gov>
References: <1471709886.22998.1.camel@trentalancia.net> <89E5C3EA-9794-4496-A195-1C997A5BBF44@trentalancia.net> <43BE5B4F-9AE4-4EDB-825A-F1C15042B385@trentalancia.net> <1471799849.2544.2.camel@trentalancia.net> <1471870947.2354.1.camel@trentalancia.net> <1471899875.19333.3.camel@trentalancia.net> <1471961693.30659.7.camel@trentalancia.net> <082767a3-acab-4d46-6195-06e35251d53e@tycho.nsa.gov>
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
Cc: selinux@tycho.nsa.gov

Update libsepol with the new policy capability needed to classify sockets in the AF_ALG namespace (Crypto API).

Signed-off-by: Guido Trentalancia
---
 include/sepol/policydb/polcaps.h | 1 +
 src/polcaps.c                    | 1 +
 2 files changed, 2 insertions(+)

diff -pru libsepol-git-23082016/include/sepol/policydb/polcaps.h libsepol-git-23082016-alg_socket/include/sepol/policydb/polcaps.h --- libsepol-git-23082016/include/sepol/policydb/polcaps.h 2016-08-23 17:08:58.690837319 +0200 +++ libsepol-git-23082016-alg_socket/include/sepol/policydb/polcaps.h 2016-08-23 17:13:52.794644956 +0200
@@ -11,6 +11,7 @@ enum { POLICYDB_CAPABILITY_OPENPERM, POLICYDB_CAPABILITY_REDHAT1, /* reserved for RH testing of ptrace_child */ POLICYDB_CAPABILITY_ALWAYSNETWORK, + POLICYDB_CAPABILITY_ALGSOCKET, /* Crypto API socket namespace */ __POLICYDB_CAPABILITY_MAX }; #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) diff -pru libsepol-git-23082016/src/polcaps.c libsepol-git-23082016-alg_socket/src/polcaps.c --- libsepol-git-23082016/src/polcaps.c 2016-08-23 17:08:58.696837395 +0200 +++ libsepol-git-23082016-alg_socket/src/polcaps.c 2016-08-23 17:11:49.145026939 +0200 @@ -10,6 +10,7 @@ static const char *polcap_names[] = { "open_perms", /* POLICYDB_CAPABILITY_OPENPERM */ "redhat1", /* POLICYDB_CAPABILITY_REDHAT1, aka ptrace_child */ "always_check_network", /* POLICYDB_CAPABILITY_ALWAYSNETWORK */ + "alg_socket", /* POLICYDB_CAPABILITY_ALGSOCKET (Crypto API socket namespace) */ NULL };
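
Review bot: In the include/sepol/policydb/polcaps.h hunk, POLICYDB_CAPABILITY_ALGSOCKET gets its value only from its position after POLICYDB_CAPABILITY_ALWAYSNETWORK, and neither the hunk nor the commit message says which capability number the kernel side expects for it. Since the value is implicit, the commit message should name the corresponding kernel change (or state the intended number) so that a reviewer can confirm the two agree, and so that another capability landing in this slot first does not silently shift it.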
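
Review bot: In the src/polcaps.c hunk, the new "alg_socket" entry is tied to POLICYDB_CAPABILITY_ALGSOCKET only by its position in polcap_names[] and by the trailing comment, so the mapping depends on this line staying in step with the enum edit in polcaps.h. The patch does keep them in step (both are added directly after the ALWAYSNETWORK entry and before the terminator), but nothing visible enforces it; designated initializers of the form [POLICYDB_CAPABILITY_ALGSOCKET] = "alg_socket", or a compile-time check on the array length against POLICYDB_CAPABILITY_MAX, would make a future mismatch a build error. As a style point, the neighbouring comments carry just the enum name, so the "(Crypto API socket namespace)" parenthetical could be dropped here, given that the header already explains it.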