From patchwork Thu Feb 6 13:12:52 2020
X-Patchwork-Submitter: Ondrej Mosnacek
X-Patchwork-Id: 11368415
From: Ondrej Mosnacek
To: selinux@vger.kernel.org
Cc: Petr Lautrbach
Subject: [RFC PATCH 1/2] libsemanage: support changing policy version via API
Date: Thu, 6 Feb 2020 14:12:52 +0100
Message-Id: <20200206131253.535302-2-omosnace@redhat.com>
In-Reply-To: <20200206131253.535302-1-omosnace@redhat.com>
References: <20200206131253.535302-1-omosnace@redhat.com>
X-Mailing-List: selinux@vger.kernel.org

This change will be needed to support explicitly specifying the policy version in semodule (in a subsequent patch).
Signed-off-by: Ondrej Mosnacek --- libsemanage/include/semanage/handle.h | 6 +++ libsemanage/src/direct_api.c | 9 ++++- libsemanage/src/handle.c | 24 ++++++++++++ libsemanage/src/handle.h | 1 + libsemanage/src/libsemanage.map | 6 +++ libsemanage/src/semanage_store.c | 54 ++++++++++++++++----------- libsemanage/src/semanage_store.h | 6 ++- 7 files changed, 81 insertions(+), 25 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index 946d69bc..70b37863 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -85,6 +85,12 @@ extern void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disab /* Set whether or not to execute setfiles to check file contexts upon commit */ extern void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts); +/* Get the kernel policy version. */ +extern unsigned semanage_get_policyvers(semanage_handle_t *sh); + +/* Set the kernel policy version. */ +extern int semanage_set_policyvers(semanage_handle_t *sh, unsigned policyvers); + /* Get the default priority. */ extern uint16_t semanage_get_default_priority(semanage_handle_t *sh); diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c index 1088a0ac..78c40018 100644 --- a/libsemanage/src/direct_api.c +++ b/libsemanage/src/direct_api.c @@ -1204,6 +1204,7 @@ static int semanage_direct_commit(semanage_handle_t * sh) size_t fc_buffer_len = 0; const char *ofilename = NULL; const char *path; + char kernel_path[PATH_MAX]; int retval = -1, num_modinfos = 0, i; sepol_policydb_t *out = NULL; struct cil_db *cildb = NULL; 
@@ -1593,9 +1594,13 @@ rebuild: if (retval < 0) goto cleanup; + if (semanage_get_full_kernel_path(sh, SEMANAGE_FINAL_TMP, kernel_path)) { + ERR(sh, "Unable to build path to kernel policy."); + goto cleanup; + } + retval = semanage_copy_file(semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL), - semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL), - sh->conf->file_mode); + kernel_path, sh->conf->file_mode); if (retval < 0) { goto cleanup; } diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index 5e59aef7..78818930 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c @@ -81,6 +81,9 @@ semanage_handle_t *semanage_handle_create(void) goto err; sepol_msg_set_callback(sh->sepolh, semanage_msg_relay_handler, sh); + /* Default policy version is taken from config */ + sh->policyvers = sh->conf->policyvers; + /* Default priority is 400 */ sh->priority = 400; @@ -246,6 +249,27 @@ void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts) return; } +unsigned semanage_get_policyvers(semanage_handle_t *sh) +{ + assert(sh != NULL); + return sh->policyvers; +} + +int semanage_set_policyvers(semanage_handle_t *sh, unsigned policyvers) +{ + assert(sh != NULL); + + /* Verify policy version */ + if ( policyvers < POLICYDB_VERSION_MIN + || policyvers > POLICYDB_VERSION_MAX) { + ERR(sh, "Policy version %u is invalid.", policyvers); + return -1; + } + + sh->policyvers = policyvers; + return 0; +} + uint16_t semanage_get_default_priority(semanage_handle_t *sh) { assert(sh != NULL); diff --git a/libsemanage/src/handle.h b/libsemanage/src/handle.h index a91907b0..ee389226 100644 --- a/libsemanage/src/handle.h +++ b/libsemanage/src/handle.h @@ -57,6 +57,7 @@ struct semanage_handle { semanage_conf_t *conf; + unsigned policyvers; uint16_t priority; int is_connected; int is_in_transaction; diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index 02036696..8c05b9ad 100644 --- a/libsemanage/src/libsemanage.map 
+++ b/libsemanage/src/libsemanage.map @@ -63,3 +63,9 @@ LIBSEMANAGE_1.1 { semanage_module_remove_key; semanage_set_store_root; } LIBSEMANAGE_1.0; + +LIBSEMANAGE_1.2 { + global: + semanage_get_policyvers; + semanage_set_policyvers; +} LIBSEMANAGE_1.1; diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 58dded6e..52217be7 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -277,9 +277,7 @@ cleanup: static int semanage_init_final_suffix(semanage_handle_t *sh) { - int ret = 0; int status = 0; - char path[PATH_MAX]; size_t offset = strlen(selinux_policy_root()); semanage_final_suffix[SEMANAGE_FINAL_TOPLEVEL] = strdup(""); @@ -350,19 +348,9 @@ static int semanage_init_final_suffix(semanage_handle_t *sh) goto cleanup; } - ret = snprintf(path, - sizeof(path), - "%s.%d", - selinux_binary_policy_path() + offset, - sh->conf->policyvers); - if (ret < 0 || ret >= (int)sizeof(path)) { - ERR(sh, "Unable to compose policy binary path."); - status = -1; - goto cleanup; - } - - semanage_final_suffix[SEMANAGE_KERNEL] = strdup(path); - if (semanage_final_suffix[SEMANAGE_KERNEL] == NULL) { + semanage_final_suffix[SEMANAGE_KERNEL_PREFIX] = + strdup(selinux_binary_policy_path() + offset); + if (semanage_final_suffix[SEMANAGE_KERNEL_PREFIX] == NULL) { ERR(sh, "Unable to allocate space for policy binary path."); status = -1; goto cleanup; 
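Review bot: in the handle.c hunk adding semanage_set_policyvers(), the new public API carries no contract beyond the one-line comment in handle.h; document that it returns -1 and logs an error when the version lies outside [POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX], and say whether it may be called after semanage_connect() or inside a transaction, since the value is only consumed at commit time. Also, this series only swaps sh->conf->policyvers for sh->policyvers where the policy.N file name is composed; nothing in the diff touches where the compiled policy's own version is taken from. If semanage_direct_commit() still compiles with sh->conf->policyvers, the version in the file name and the version stored inside the binary will disagree whenever a caller overrides it. Please confirm that the compile step uses sh->policyvers as well, or change it in this patch.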
@@ -503,6 +491,20 @@ const char *semanage_final_path(enum semanage_final_defs store, return semanage_final_paths[store][path_name]; } +/* Return a fully-qualified path + filename to kernel policy for the given + * semanage store. + */ +int semanage_get_full_kernel_path(semanage_handle_t * sh, + enum semanage_final_defs root, + char out[PATH_MAX]) +{ + int ret = snprintf(out, PATH_MAX, "%s.%u", + semanage_final_path(root, SEMANAGE_KERNEL_PREFIX), + sh->policyvers); + + return ret < 0 || ret >= PATH_MAX ? -1 : 0; +} + /* Return a fully-qualified path + filename to the semanage * configuration file. If semanage.conf file in the semanage * root is cannot be read, use the default semanage.conf as a @@ -1568,12 +1570,16 @@ static int semanage_validate_and_compile_fcontexts(semanage_handle_t * sh) int status = -1; if (sh->do_check_contexts) { + char path[PATH_MAX]; int ret; + + if (semanage_get_full_kernel_path(sh, SEMANAGE_FINAL_TMP, path)) { + ERR(sh, "Unable to build path to kernel policy."); + goto cleanup; + } + ret = semanage_exec_prog( - sh, - sh->conf->setfiles, - semanage_final_path(SEMANAGE_FINAL_TMP, - SEMANAGE_KERNEL), + sh, sh->conf->setfiles, path, semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC)); if (ret != 0) { @@ -2233,15 +2239,19 @@ int semanage_verify_linked(semanage_handle_t * sh) int semanage_verify_kernel(semanage_handle_t * sh) { int retval = -1; - const char *kernel_filename = - semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_KERNEL); + char path[PATH_MAX]; semanage_conf_t *conf = sh->conf; external_prog_t *e; + if (conf->kernel_prog == NULL) { return 0; } + if (semanage_get_full_kernel_path(sh, SEMANAGE_FINAL_TMP, path)) { + ERR(sh, "Unable to build path to kernel policy."); + goto cleanup; + } for (e = conf->kernel_prog; e != NULL; e = e->next) { - if (semanage_exec_prog(sh, e, kernel_filename, "$<") != 0) { + if (semanage_exec_prog(sh, e, path, "$<") != 0) { goto cleanup; } } 
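Review bot: in the semanage_get_full_kernel_path() hunk, `return ret < 0 || ret >= PATH_MAX ? -1 : 0;` relies on `||` binding tighter than `?:`, which is correct but easy to misread; `return (ret < 0 || ret >= PATH_MAX) ? -1 : 0;` makes the intent explicit. Every caller in this patch (one in direct_api.c, two in semanage_store.c) follows the call with the identical `ERR(sh, "Unable to build path to kernel policy.");`, so consider logging the failure inside the helper and dropping the three copies.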
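Review bot: in the semanage_verify_kernel() hunk, building the path only after the `conf->kernel_prog == NULL` early return is the right order, but the hunk adds a blank line before that `if` while leaving none between the new error block and the `for` loop that consumes `path`; drop the former and add the latter so the layout matches the surrounding code.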
diff --git a/libsemanage/src/semanage_store.h b/libsemanage/src/semanage_store.h index 34bf8523..d5567782 100644 --- a/libsemanage/src/semanage_store.h +++ b/libsemanage/src/semanage_store.h @@ -81,7 +81,7 @@ enum semanage_final_path_defs { SEMANAGE_FC_HOMEDIRS_BIN, SEMANAGE_FC_LOCAL, SEMANAGE_FC_LOCAL_BIN, - SEMANAGE_KERNEL, + SEMANAGE_KERNEL_PREFIX, SEMANAGE_NC, SEMANAGE_SEUSERS, SEMANAGE_FINAL_PATH_NUM 
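Review bot: in the semanage_store.h enum hunk, renaming SEMANAGE_KERNEL to SEMANAGE_KERNEL_PREFIX also changes what semanage_final_path() returns for that entry (a path without the .N suffix). The diff updates the three users in direct_api.c and semanage_store.c; please grep for any remaining SEMANAGE_KERNEL users before this lands, since a missed one would no longer compile, and a caller switched mechanically to the new name would operate on the prefix path rather than the policy file.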
@@ -102,6 +102,10 @@ extern const char *semanage_path(enum semanage_store_defs store, extern const char *semanage_final_path(enum semanage_final_defs root, enum semanage_final_path_defs suffix); +int semanage_get_full_kernel_path(semanage_handle_t * sh, + enum semanage_final_defs root, + char out[PATH_MAX]); + int semanage_create_store(semanage_handle_t * sh, int create); int semanage_store_access_check(void);

From patchwork Thu Feb 6 13:12:53 2020
X-Patchwork-Submitter: Ondrej Mosnacek
X-Patchwork-Id: 11368417
From: Ondrej Mosnacek
To: selinux@vger.kernel.org
Cc: Petr Lautrbach
Subject: [RFC PATCH 2/2] semodule: support changing policyvers via command line
Date: Thu, 6 Feb 2020 14:12:53 +0100
Message-Id: <20200206131253.535302-3-omosnace@redhat.com>
In-Reply-To: <20200206131253.535302-1-omosnace@redhat.com>
References: <20200206131253.535302-1-omosnace@redhat.com>
X-Mailing-List: selinux@vger.kernel.org

When using semodule for building a distribution policy package (as Fedora does), the environment might not have selinuxfs available and provide no way to modify semanage.conf. When we want to build a policy with version X (because our kernel doesn't support X+1 and above yet), but our libsepol already has support for X+1, then we currently have no way to do so. To resolve this, add a new command-line argument to semodule, which allows overriding the system-wide configured version with a different one.

Signed-off-by: Ondrej Mosnacek --- policycoreutils/semodule/semodule.8 | 3 +++ policycoreutils/semodule/semodule.c | 12 +++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 index 18d4f708..88e027fd 100644 --- a/policycoreutils/semodule/semodule.8 +++ b/policycoreutils/semodule/semodule.8 @@ -64,6 +64,9 @@ A module is extracted as HLL by default. The name of the module written is . .SH "OPTIONS" .TP +.B \-V,\-\-policyvers +force specific kernel policy version +.TP .B \-s,\-\-store name of the store to operate on .TP diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index a1f75e16..30c4495b 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c
@@ -50,6 +50,8 @@ static int build; static int disable_dontaudit; static int preserve_tunables; static int ignore_module_cache; +static unsigned policyvers; +static int policyvers_set = 0; static uint16_t priority; static int priority_set = 0; @@ -137,6 +139,7 @@ static void usage(char *progname) printf(" -d,--disable=MODULE_NAME disable module\n"); printf(" -E,--extract=MODULE_NAME extract module\n"); printf("Options:\n"); + printf(" -V,--policyvers force specific kernel policy version\n"); printf(" -s,--store name of the store to operate on\n"); printf(" -N,-n,--noreload do not reload policy after commit\n"); printf(" -h,--help print this message and quit\n"); @@ -210,7 +213,7 @@ static void parse_command_line(int argc, char **argv) no_reload = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cH", opts, + getopt_long(argc, argv, "V:s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cH", opts, NULL)) != -1) { switch (i) { case 'b': @@ -248,6 +251,10 @@ static void parse_command_line(int argc, char **argv) fprintf(stderr, "The --upgrade option is deprecated. Use --install instead.\n"); set_mode(INSTALL_M, optarg); break; + case 'V': + policyvers = (unsigned)strtoul(optarg, NULL, 10); + policyvers_set = 1; + break; case 's': set_store(optarg); break; @@ -363,6 +370,9 @@ int main(int argc, char *argv[]) goto cleanup_nohandle; } + if (policyvers_set) + semanage_set_policyvers(sh, policyvers); + if (store) { /* Set the store we want to connect to, before connecting. * this will always set a direct connection now, an additional
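Review bot: in the usage() hunk, `-V,--policyvers` takes a mandatory argument but the help line does not show it, unlike the neighbouring `-d,--disable=MODULE_NAME`; print it as `-V,--policyvers=VERSION`, and give the semodule.8 entry (`.B \-V,\-\-policyvers`) the same argument, for example `.B \-V,\-\-policyvers=VERSION`, so both documents tell the user the option needs a value.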
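Review bot: in the getopt_long() hunk, `V:` is added to the short-option string, but no hunk in this patch adds a `policyvers` entry to the `opts` long-option table, so the `--policyvers` form advertised by usage() and the man page will be rejected by getopt_long() unless that table already contains it. Add `{"policyvers", required_argument, NULL, 'V'},` next to the other long options.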
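Review bot: in the `case 'V'` hunk, `strtoul(optarg, NULL, 10)` accepts any input: `-V abc` yields 0, `-V 31x` silently yields 31, a leading minus sign is accepted, and values above UINT_MAX are truncated by the `(unsigned)` cast before libsemanage ever sees them. Parse with an end pointer and reject anything that is not a complete, in-range number before narrowing, with errno.h and limits.h included:
`char *end; errno = 0; unsigned long v = strtoul(optarg, &end, 10);`
`if (errno || end == optarg || *end != '\0' || v > UINT_MAX) { fprintf(stderr, "%s: invalid policy version '%s'\n", argv[0], optarg); exit(1); }`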
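Review bot: in the main() hunk, the return value of semanage_set_policyvers() is ignored. An out-of-range version makes libsemanage log "Policy version %u is invalid." and return -1, after which semodule carries on with the version from semanage.conf, which is the opposite of what --policyvers ("force specific kernel policy version") promises and would silently produce a policy file of the wrong version in a distribution build. Check the result, for example `if (policyvers_set && semanage_set_policyvers(sh, policyvers) < 0)`, and fail through the same cleanup path the other setup failures use.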