From patchwork Tue Aug 23 23:03:48 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Guido Trentalancia <guido@trentalancia.net>
X-Patchwork-Id: 9296593
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	72975607D0 for <patchwork-selinux@patchwork.kernel.org>;
	Tue, 23 Aug 2016 23:04:50 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 3EF0C28156
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue, 23 Aug 2016 23:04:50 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 2F22A2862E; Tue, 23 Aug 2016 23:04:50 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id EB80528156
	for <patchwork-selinux@patchwork.kernel.org>;
	Tue, 23 Aug 2016 23:04:48 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.28,567,1464652800"; d="scan'208";a="16876421"
IronPort-PHdr: =?us-ascii?q?9a23=3A+pe7ex16V2WaOBEasmDT+DRfVm0co7zxezQtwd8Z?=
	=?us-ascii?q?sekeL/ad9pjvdHbS+e9qxAeQG96KsrQf1qGP4+igATVGusfZ9ihaMdRlbFwssY?=
	=?us-ascii?q?0uhQsuAcqIWwXQDcXBSGgEJvlET0Jv5HqhMEJYS47UblzWpWCuv3ZJQk2sfTR8?=
	=?us-ascii?q?Kum9IIPOlcP/j7n0oMyKJV4Vz2PtKfMqdVPt/F2X7pFXyaJZaY8JgiPTpXVJf+?=
	=?us-ascii?q?kEjUhJHnm02yjG28Gr4ZR4+D5Rsf9yv+RJUKH9YrhqBecAVGduGykP6cbqrRjO?=
	=?us-ascii?q?SxeUrjtZCz1O00lzGwHAzBzzUprrnCr3suY1+CSTMcDsBYs/Xi6j6agjCESwyX?=
	=?us-ascii?q?Q6LTpxzEX7wow11foa81qdoElHypPQKKSSM+BzNvfFdM4ebXJIQ8IUUitGGI76?=
	=?us-ascii?q?ZIwKWa5JBvpVt4nwoRM1qBK6AQS9TLf0xiRgmm793ap81f8oVw7BwlpzMcgJtS?=
	=?us-ascii?q?H7sdT5M+8uS+2z0KDMxDPIbvoejTjg6YTPWgw7rPeQVLZ5d8HQwA8pGh+T3QbY?=
	=?us-ascii?q?kpDsIz7AjrdFiGOc9ec1ELL3hg=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2H/BAC71bxX/wHyM5BdGgEBAQGDCwEBAQEBHoFSugEgh3V?=
	=?us-ascii?q?MAQEBAQEBAQIBAlsngjIEARWCFQEBBAECNxQgCwMDCQEBCg0nAggIAwEtDAkRB?=
	=?us-ascii?q?gEHCwUYBIgQBL14AQEIAgEkinqEEAIRAQaFcQWZSJAIiQmFYEiLeIN5VIIRARy?=
	=?us-ascii?q?BTm6ETA8XgR8BAQE?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea10.nsa.gov with ESMTP; 23 Aug 2016 23:04:46 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7NN414T026215;
	Tue, 23 Aug 2016 19:04:10 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u7NN3xSN124949 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Tue, 23 Aug 2016 19:03:59 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7NN3xAg026193
	for <selinux@tycho.nsa.gov>; Tue, 23 Aug 2016 19:03:59 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1CbAgCU1bxXh0s2WFFdHAGDDAEBAQEBt2yEDIYdAoI7AQEBAQEBAQITAQEBCA0JCRmFEAEBAQMjVhALGgIYDgICPRoGAYhHrX6PfwEBAQEBBQEBAQEjgQKJeIQQGoMXgloFmUiQCI5pSIt4g3mCZQERC4FOhTqBRQEBAQ
X-IPAS-Result: 
 A1CbAgCU1bxXh0s2WFFdHAGDDAEBAQEBt2yEDIYdAoI7AQEBAQEBAQITAQEBCA0JCRmFEAEBAQMjVhALGgIYDgICPRoGAYhHrX6PfwEBAQEBBQEBAQEjgQKJeIQQGoMXgloFmUiQCI5pSIt4g3mCZQERC4FOhTqBRQEBAQ
X-IronPort-AV: E=Sophos;i="5.28,567,1464667200"; d="scan'208";a="5661609"
Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov)
	([10.208.41.37])
	by goalie.tycho.ncsc.mil with ESMTP; 23 Aug 2016 19:03:57 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3ADpi7lBH7SookSZfm/pLMp51GYnF86YWxBRYc798d?=
	=?us-ascii?q?s5kLTJ74oM2wAkXT6L1XgUPTWs2DsrQf2rOQ6P2rADxIoc7Y9itTKNoUD15NoP?=
	=?us-ascii?q?5VtjRoONSCB0z/IayiRA0BN+MGamVY+WqmO1NeAsf0ag6aiHSz6TkPBke3blIt?=
	=?us-ascii?q?dazLE4Lfx/66y/q1s8WKJV4Z3XzmPPgrfF329VyX7ZhOx9M6a+4Y8VjgmjNwYe?=
	=?us-ascii?q?NYxGdldxq4vi3XwYOOxqNl6DlaoPk79sRNAu3QdqU8SqFEXnx9azhmrOWijxTI?=
	=?us-ascii?q?TBOO630ASS1W10MQW0mW1wnzW7f8uyf3rMR81S2Wde37RLw5Q3yZ5KBxSRnnwG?=
	=?us-ascii?q?dcb39quF3Q3/R5kaYThRWmvRE3l5bdfYW9LPNjeubYetQASCxKWcMHE2R6Ho6k?=
	=?us-ascii?q?b4YJR9EENOJcopi180ACtjOiFAKsA6Xp0TYOiXjoi/4UyeMkRC7b3QAnV+4UvX?=
	=?us-ascii?q?LIpdH8MqwTWKjhw7TJwTLrc+lb3yv07IHOeREo5/eBQeQjIoLq1UAzGlad3R2r?=
	=?us-ascii?q?oov/MmbQibwA?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0EGAwB/1bxXh0s2WFFdHAGDDAEBAQEBt?=
	=?us-ascii?q?2yEDIYdAoI7AQEBAQEBAQIBAhABAQEIDQkJGS+CMgQBFYIVAQEBAyNWEAsaAhg?=
	=?us-ascii?q?OAgI9GgYBiEetfo9/AQEBAQEFAQEBASOBAol4hBAagxeCWgWZSJAIjmlIi3iDe?=
	=?us-ascii?q?YJlARELgU6FOoFFAQEB?=
X-IPAS-Result: =?us-ascii?q?A0EGAwB/1bxXh0s2WFFdHAGDDAEBAQEBt2yEDIYdAoI7AQE?=
	=?us-ascii?q?BAQEBAQIBAhABAQEIDQkJGS+CMgQBFYIVAQEBAyNWEAsaAhgOAgI9GgYBiEetf?=
	=?us-ascii?q?o9/AQEBAQEFAQEBASOBAol4hBAagxeCWgWZSJAIjmlIi3iDeYJlARELgU6FOoF?=
	=?us-ascii?q?FAQEB?=
X-IronPort-AV: E=Sophos;i="5.28,567,1464652800"; d="scan'208";a="18702888"
Received: from authsmtp34.register.it (HELO authsmtp.register.it)
	([81.88.54.75])
	by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES128-SHA;
	23 Aug 2016 23:03:56 +0000
Received: from vortex.lan ([151.76.69.70]) by paganini31 with
	id an3o1t00H1Wy5Br01n3u3n; Wed, 24 Aug 2016 01:03:55 +0200
X-Rid: guido@trentalancia.net@151.76.69.70
Message-ID: <1471993428.12192.1.camel@trentalancia.net>
Subject: Re: [PATCH v5] Classify AF_ALG sockets
From: Guido Trentalancia <guido@trentalancia.net>
To: Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 24 Aug 2016 01:03:48 +0200
In-Reply-To: 
 <CAHC9VhRp80bRirP=p8gqzdf_37ZeuKGxfUVqZqS5p0_X_z71Ug@mail.gmail.com>
References: <1471709886.22998.1.camel@trentalancia.net>
	<CAHC9VhRouoqqrq_Vn1A3wh7kwvodUK-j7xR3=uwep7t0Ktdh3w@mail.gmail.com>
	<89E5C3EA-9794-4496-A195-1C997A5BBF44@trentalancia.net>
	<CAGH-KguvJZVLAUYQP_iFk2KG7DDFe9kGADWK_dkbGPHuStjpcQ@mail.gmail.com>
	<43BE5B4F-9AE4-4EDB-825A-F1C15042B385@trentalancia.net>
	<CAHC9VhQOTQNsNT7T53qE5g1pK8BN270ZAFyUJ0xAnzsbPg57YA@mail.gmail.com>
	<1471799849.2544.2.camel@trentalancia.net>
	<1471870947.2354.1.camel@trentalancia.net>
	<1471899875.19333.3.camel@trentalancia.net>
	<1471961693.30659.7.camel@trentalancia.net>
	<082767a3-acab-4d46-6195-06e35251d53e@tycho.nsa.gov>
	<CAHC9VhRp80bRirP=p8gqzdf_37ZeuKGxfUVqZqS5p0_X_z71Ug@mail.gmail.com>
X-Mailer: Evolution 3.20.5 
Mime-Version: 1.0
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Cc: selinux@tycho.nsa.gov
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

This patch for the SELinux testsuite aims to add a very simple test
for sockets in the AF_ALG namespace.

However, I met some problems while trying to run it, so testing is
needed.

 policy/Makefile           |    2 -
 policy/test_alg_socket.te |   25 +++++++++++++++++
 tests/alg_socket/Makefile |    5 +++
 tests/alg_socket/client.c |   66 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/alg_socket/test     |   22 +++++++++++++++
 5 files changed, 119 insertions(+), 1 deletion(-)

diff -pruN selinux-testsuite-git-23082016-orig/policy/Makefile selinux-testsuite-git-23082016/policy/Makefile
--- selinux-testsuite-git-23082016-orig/policy/Makefile	2016-08-23 20:50:08.527633728 +0200
+++ selinux-testsuite-git-23082016/policy/Makefile	2016-08-24 00:56:38.114854854 +0200
@@ -20,7 +20,7 @@ TARGETS = \
 	test_task_create.te test_task_getpgid.te test_task_getsched.te \
 	test_task_getsid.te test_task_setpgid.te test_task_setsched.te \
 	test_transition.te test_inet_socket.te test_unix_socket.te \
-	test_wait.te test_mmap.te
+	test_alg_socket.te test_wait.te test_mmap.te
 
 ifeq ($(shell [ $(POL_VERS) -ge 24 ] && echo true),true)
 TARGETS += test_bounds.te
diff -pruN selinux-testsuite-git-23082016-orig/policy/test_alg_socket.te selinux-testsuite-git-23082016/policy/test_alg_socket.te
--- selinux-testsuite-git-23082016-orig/policy/test_alg_socket.te	1970-01-01 01:00:00.000000000 +0100
+++ selinux-testsuite-git-23082016/policy/test_alg_socket.te	2016-08-24 00:31:51.588695889 +0200
@@ -0,0 +1,25 @@
+#################################
+#
+# Policy for testing sockets in
+# the AF_ALG namespace (Crypto
+# API).
+#
+
+attribute algsocketdomain;
+
+# Domain for client process.
+type test_alg_socket_client_t;
+domain_type(test_alg_socket_client_t)
+unconfined_runs_test(test_alg_socket_client_t)
+typeattribute test_alg_socket_client_t testdomain;
+typeattribute test_alg_socket_client_t algsocketdomain;
+
+# client can bind socket.
+allow test_alg_socket_client_t self:alg_socket bind;
+
+# client can request to load a kernel module
+kernel_request_load_module(algsocketdomain)
+
+# Allow all of these domains to be entered from the sysadm domain.
+miscfiles_domain_entry_test_files(algsocketdomain)
+userdom_sysadm_entry_spec_domtrans_to(algsocketdomain)
diff -pruN selinux-testsuite-git-23082016-orig/tests/alg_socket/client.c selinux-testsuite-git-23082016/tests/alg_socket/client.c
--- selinux-testsuite-git-23082016-orig/tests/alg_socket/client.c	1970-01-01 01:00:00.000000000 +0100
+++ selinux-testsuite-git-23082016/tests/alg_socket/client.c	2016-08-24 00:58:47.075516771 +0200
@@ -0,0 +1,66 @@
+#include <sys/socket.h>
+#include <linux/if_alg.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+void usage(char *progname)
+{
+	fprintf(stderr,
+		"usage:  %s [succeed|fail]\n",
+		progname);
+	exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+	int succeed;
+	int sock;
+
+	if (argc != 2)
+		usage(argv[0]);
+
+	if (!strcmp(argv[1], "succeed"))
+		succeed = 1;
+	else if (!strcmp(argv[1], "fail"))
+		succeed = 0;
+	else
+		usage(argv[0]);
+
+	sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+	if (sock < 0) {
+		perror("socket");
+		exit(1);
+	}
+
+	if (succeed == 1) {
+		struct sockaddr_alg sa_good = {
+			.salg_family = AF_ALG,
+			.salg_type = "hash",
+			.salg_name = "sha256",
+		};
+
+		if (bind(sock, (struct sockaddr *) &sa_good, sizeof(sa_good)) < 0) {
+			perror("bind (algorithm available)");
+			close(sock);
+			exit(1);
+		}
+	} else {
+		struct sockaddr_alg sa_bad = {
+			.salg_family = AF_ALG,
+			.salg_type = "hash",
+			.salg_name = "NOTAVAILABLE",
+		};
+
+		if (bind(sock, (struct sockaddr *) &sa_bad, sizeof(sa_bad)) < 0) {
+			perror("bind (algorithm not available)");
+			close(sock);
+			exit(1);
+		}
+	}
+
+	close(sock);
+	exit(0);
+}
diff -pruN selinux-testsuite-git-23082016-orig/tests/alg_socket/Makefile selinux-testsuite-git-23082016/tests/alg_socket/Makefile
--- selinux-testsuite-git-23082016-orig/tests/alg_socket/Makefile	1970-01-01 01:00:00.000000000 +0100
+++ selinux-testsuite-git-23082016/tests/alg_socket/Makefile	2016-08-23 23:07:46.866079516 +0200
@@ -0,0 +1,5 @@
+TARGETS=client
+
+all: $(TARGETS)
+clean:
+	rm -f $(TARGETS)
diff -pruN selinux-testsuite-git-23082016-orig/tests/alg_socket/test selinux-testsuite-git-23082016/tests/alg_socket/test
--- selinux-testsuite-git-23082016-orig/tests/alg_socket/test	1970-01-01 01:00:00.000000000 +0100
+++ selinux-testsuite-git-23082016/tests/alg_socket/test	2016-08-24 00:24:26.678950567 +0200
@@ -0,0 +1,22 @@
+#!/usr/bin/perl
+
+use Test;
+BEGIN { plan tests => 2}
+
+$basedir = $0;  $basedir =~ s|(.*)/[^/]*|$1|;
+
+#
+# Tests for sockets in the AF_ALG namespace (Crypto API).
+#
+
+# Verify that the client can initialize the server with an
+# available algorithm.
+$result = system "runcon -t test_alg_socket_client_t $basedir/client succeed";
+ok($result, 0);
+
+# Verify that the client cannot initialize the server with an
+# unavailable algorithm.
+$result = system "runcon -t test_alg_socket_client_t $basedir/client fail";
+ok($result);
+
+exit;