From patchwork Sat Aug 27 12:44:15 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guido Trentalancia X-Patchwork-Id: 9302359 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C8E9F607D8 for ; Sat, 27 Aug 2016 12:45:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AFAFD28C35 for ; Sat, 27 Aug 2016 12:45:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 8CACF28CDE; Sat, 27 Aug 2016 12:45:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from emsm-gh1-uea11.nsa.gov (smtp.nsa.gov [8.44.101.9]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 82ED228C35 for ; Sat, 27 Aug 2016 12:45:53 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.28,586,1464652800"; d="scan'208";a="18802159" IronPort-PHdr: =?us-ascii?q?9a23=3AwejxfRYVANKnnpfbzV+gKtb/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZpM2/bnLW6fgltlLVR4KTs6sC0LuP9fy6EjBbqdbZ6TZZIcQKD0dEwe?= =?us-ascii?q?wt3CUYSPafDkP6KPO4JwcbJ+9lEGFfwnegLEJOE9z/bVCB6le77DoVBwmtfVEt?= =?us-ascii?q?fre9JIfegoyN2vyo/NWLOkMT1WP7Pek5cE7+7V2I8JJH2c06cud54yCKi0MAQ/?= =?us-ascii?q?5Ry2JsKADbtDfHzeD0wqRe9T9Nsekq7c9KXPayVa05SbtFEGZuaDhtt4XQrRDG?= =?us-ascii?q?bQaG6nYGfGQblhYAIwXM4BzgFqz6tTH7sOU1mHLCfJ7LV7R8ZRCOp+cuFl67wB?= =?us-ascii?q?sAYiU09GDRl9xYkLNQoBXnoQd2hYHTftK7Lv17K4zAfN8dDVZbU8BNXihIBIi9?= =?us-ascii?q?ZsNbAPcAMeFws5PwoUcHqRK4DgilQuXi1mkb1TfNwaQm3rF5Qkn91ws6EodU7H?= =?us-ascii?q?k=3D?= X-IPAS-Result: =?us-ascii?q?A2EDBgBAisFX/wHyM5BdHQESAQwSgn4BAQEBAR5XfLogIge?= =?us-ascii?q?HQUwBAQEBAQEBAQIBAlsngjIKGjk8AQEBAQEBIwINZgIkExQgDgMJAhcnAggIA?= =?us-ascii?q?wEtDAkfCwUYBIgfBMAuBY8NEQFohRAFmU+GIIlyiQuFYQKIJoQeg3lUgW55gTd?= =?us-ascii?q?uhC2CHwEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.nsa.gov with ESMTP; 27 Aug 2016 12:45:50 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7RCiTUU022889; Sat, 27 Aug 2016 08:44:37 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u7RCiQxW023937 for ; Sat, 27 Aug 2016 08:44:26 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u7RCiQTW022887 for ; Sat, 27 Aug 2016 08:44:26 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DFAgCxisFXhzQwWFFdHAEBEgEEAQGDFgEBAQEBdXyDR6ErkSeEEBQMiA0BAgEBAQEBAhMBAQEIDQkJGYU6BIEHAhgOAj8ziESgbI9lj2AFgQOPBII2gloFmU+GIIlyjmwCjESDeYMZIoE3boZMAQEB X-IPAS-Result: A1DFAgCxisFXhzQwWFFdHAEBEgEEAQGDFgEBAQEBdXyDR6ErkSeEEBQMiA0BAgEBAQEBAhMBAQEIDQkJGYU6BIEHAhgOAj8ziESgbI9lj2AFgQOPBII2gloFmU+GIIlyjmwCjESDeYMZIoE3boZMAQEB X-IronPort-AV: E=Sophos;i="5.28,586,1464667200"; d="scan'208";a="5668396" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 27 Aug 2016 08:44:25 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3ADthtxhDK0QORSH1rsR6nUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP/6ocbcNUDSrc9gkEXOFd2CrakV0qyK6eu9BCRAuc/H6yFaNsQUFlcsso?= =?us-ascii?q?Y/p0QYGsmLCEn2frbBThcRO4B8bmJj5GyxKkNPGczzNBX4q3y26iMOSF2kbVIm?= =?us-ascii?q?btr8FoOatcmrzef6o8SVOFQRwmbnKu4vZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?= =?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN939XisDnO?= =?us-ascii?q?RAeC/FUdX2Ea2jpFCgTI9lnBVZDrsy31/qomgGjJC+StEutxAWjqr/ozCUygtC?= =?us-ascii?q?BSLDM98WfKmuRsnalbp1SnvBU5zInKM6+PM/8rUb7ccdRSeXBMWNpYUyVHCYK1?= =?us-ascii?q?J98AEusNOs5EtYT7u1IKpB21BADqAu7znGwbzkTq1LE3hrxyWTrN2xYtSoJWvQ?= =?us-ascii?q?=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GpBAB0isFXhzQwWFFdHQESAQYFAREBg?= =?us-ascii?q?n4BAQEBAXV8g0ehK5EnhBAUDIgNAQEBAQEBAQECAQIQAQEBCA0JCRkvgjIKBwI?= =?us-ascii?q?CAQ45PAEBAQEBASMCDYEIBIEHAhgOAj8ziESgao9lj2AFgQOPBII2gloFmU+GI?= =?us-ascii?q?IlyjmwCiCaEHoN5gxkigTduhkwBAQE?= X-IPAS-Result: =?us-ascii?q?A0GpBAB0isFXhzQwWFFdHQESAQYFAREBgn4BAQEBAXV8g0e?= =?us-ascii?q?hK5EnhBAUDIgNAQEBAQEBAQECAQIQAQEBCA0JCRkvgjIKBwICAQ45PAEBAQEBA?= =?us-ascii?q?SMCDYEIBIEHAhgOAj8ziESgao9lj2AFgQOPBII2gloFmU+GIIlyjmwCiCaEHoN?= =?us-ascii?q?5gxkigTduhkwBAQE?= X-IronPort-AV: E=Sophos;i="5.28,586,1464652800"; d="scan'208";a="17004920" Received: from authsmtp02.register.it (HELO authsmtp.register.it) ([81.88.48.52]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES128-SHA; 27 Aug 2016 12:44:24 +0000 Received: from vortex.lan ([151.76.69.70]) by paganini35 with id cCkF1t00F1Wy5Br01CkN59; Sat, 27 Aug 2016 14:44:22 +0200 X-Rid: guido@trentalancia.net@151.76.69.70 Message-ID: <1472301855.5566.1.camel@trentalancia.net> Subject: [PATCH] libsepol: Produce more meaningful error messages for conflicting type rules From: Guido Trentalancia To: selinux@tycho.nsa.gov Date: Sat, 27 Aug 2016 14:44:15 +0200 X-Mailer: Evolution 3.20.5 Mime-Version: 1.0 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Produce more meaningful error messages when conflicting type rules are found by libsepol. Fixes Debian bug #832331 (https://bugs.debian.org/832331). Signed-off-by: Guido Trentalancia --- cil/src/cil_binary.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- libsepol-2.5/cil/src/cil_binary.c 2016-02-23 17:31:41.000000000 +0100 +++ libsepol-2.5-conflicting_type_rules/cil/src/cil_binary.c 2016-08-27 14:31:44.307988662 +0200 @@ -973,7 +973,7 @@ avtab_datum_t *cil_cond_av_list_search(a return NULL; } -int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src, uint32_t tgt, uint32_t obj, uint32_t res, cond_node_t *cond_node, enum cil_flavor cond_flavor) +int __cil_insert_type_rule(policydb_t *pdb, uint32_t kind, uint32_t src, uint32_t tgt, uint32_t obj, uint32_t res, struct cil_type_rule *cil_rule, cond_node_t *cond_node, enum cil_flavor cond_flavor) { int rc = SEPOL_OK; avtab_key_t avtab_key; @@ -1008,7 +1008,7 @@ int __cil_insert_type_rule(policydb_t *p * non-duplicate rule using the same key. */ if (existing->datum.data != res) { - cil_log(CIL_ERR, "Conflicting type rules\n"); + cil_log(CIL_ERR, "Conflicting type rules (scontext=%s tcontext=%s tclass=%s result=%s)\n", cil_rule->src_str, cil_rule->tgt_str, cil_rule->obj_str, cil_rule->result_str); rc = SEPOL_ERR; } goto exit; @@ -1034,7 +1034,7 @@ int __cil_insert_type_rule(policydb_t *p search_datum = cil_cond_av_list_search(&avtab_key, other_list); if (search_datum == NULL) { if (existing->datum.data != res) { - cil_log(CIL_ERR, "Conflicting type rules\n"); + cil_log(CIL_ERR, "Conflicting type rules (scontext=%s tcontext=%s tclass=%s result=%s)\n", cil_rule->src_str, cil_rule->tgt_str, cil_rule->obj_str, cil_rule->result_str); rc = SEPOL_ERR; goto exit; } @@ -1093,7 +1093,7 @@ int __cil_type_rule_to_avtab(policydb_t rc = __cil_get_sepol_class_datum(pdb, DATUM(c->data), &sepol_obj); if (rc != SEPOL_OK) goto exit; - rc = __cil_insert_type_rule(pdb, kind, sepol_src->s.value, sepol_tgt->s.value, sepol_obj->s.value, sepol_result->s.value, cond_node, cond_flavor); + rc = __cil_insert_type_rule(pdb, kind, sepol_src->s.value, sepol_tgt->s.value, sepol_obj->s.value, sepol_result->s.value, cil_rule, cond_node, cond_flavor); if (rc != SEPOL_OK) goto exit; } }