From patchwork Wed Apr 12 21:04:01 2023
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 13209511
X-Patchwork-Delegate: plautrba@redhat.com
From: James Carter
To: selinux@vger.kernel.org
Cc: cgzones@googlemail.com, James Carter
Subject: [PATCH 1/6] libsepol: Changes to ebitmap.h to fix compiler warnings
Date: Wed, 12 Apr 2023 17:04:01 -0400
Message-Id: <20230412210406.522892-2-jwcart2@gmail.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230412210406.522892-1-jwcart2@gmail.com>
References: <20230412210406.522892-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

When compiling with the "-Wnull-dereference" flag, the compiler is not smart enough to realize that anytime the ebitmap_t node field is NULL, the highbit field will equal 0. This causes false positive warnings to be generated.

Change the ebitmap_is_empty() and ebitmap_length() macros to check for the node being NULL instead of just relying on the value of highbit to eliminate these false warnings.

Signed-off-by: James Carter
---
libsepol/include/sepol/policydb/ebitmap.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/include/sepol/policydb/ebitmap.h b/libsepol/include/sepol/policydb/ebitmap.h
index 85b7ccfb..f3164781 100644
--- a/libsepol/include/sepol/policydb/ebitmap.h
+++ b/libsepol/include/sepol/policydb/ebitmap.h
@@ -39,8 +39,8 @@ typedef struct ebitmap { uint32_t highbit; /* highest position in the total bitmap */ } ebitmap_t; -#define ebitmap_is_empty(e) (((e)->highbit) == 0) -#define ebitmap_length(e) ((e)->highbit) +#define ebitmap_is_empty(e) (((e)->node) == NULL) +#define ebitmap_length(e) ((e)->node ? (e)->highbit : 0) #define ebitmap_startbit(e) ((e)->node ? (e)->node->startbit : 0) #define ebitmap_startnode(e) ((e)->node)
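Review bot: the new ebitmap_length() body `((e)->node ? (e)->highbit : 0)` evaluates its argument twice, where the old `((e)->highbit)` evaluated it once, so a call with a side-effecting argument now behaves differently; the existing ebitmap_startbit() macro has the same shape, so this is at least consistent, but a one-line comment above the macros warning against side-effecting arguments would help. The change also bakes the invariant "node == NULL implies highbit == 0" into two more places; stating that invariant in the comment on the highbit field of struct ebitmap would make it clear that ebitmap_is_empty() and ebitmap_length() can only disagree with highbit when the struct is already inconsistent.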
From: James Carter
To: selinux@vger.kernel.org
Cc: cgzones@googlemail.com, James Carter
Subject: [PATCH 2/6] libsepol/cil: Do not call ebitmap_init twice for an ebitmap
Date: Wed, 12 Apr 2023 17:04:02 -0400
Message-Id: <20230412210406.522892-3-jwcart2@gmail.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230412210406.522892-1-jwcart2@gmail.com>
References: <20230412210406.522892-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

While it does no harm to call ebitmap_init() twice for an ebitmap, since it is just memsetting the ebitmap to 0, it is poor practice.

In the function cil_type_matches() in cil_find.c, either ebitmap_and() or ebitmap_set_bit() will be called. The function ebitmap_and() will call ebitmap_init() on the destination ebitmap, but ebitmap_set_bit() does not. Instead of calling ebitmap_init() before the call to cil_type_matches(), let cil_type_matches() make the call if it is going to call ebitmap_set_bit(). It can also call ebitmap_destroy() on an error.

Since we are removing the call to ebitmap_init() in cil_self_match_any(), clean up some other things in the function (like using the FLAVOR() macro and using ebitmap_is_empty()).

Signed-off-by: James Carter
---
libsepol/cil/src/cil_find.c | 60 +++++++++++++++++++------------------
1 file changed, 31 insertions(+), 29 deletions(-)

diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
index 8b755277..0246d133 100644
--- a/libsepol/cil/src/cil_find.c
+++ b/libsepol/cil/src/cil_find.c
@@ -85,29 +85,34 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str enum cil_flavor f1 = FLAVOR(d1); enum cil_flavor f2 = FLAVOR(d2); - if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { - struct cil_type *t1 = (struct cil_type *)d1; - struct cil_type *t2 = (struct cil_type *)d2; - if (t1->value == t2->value) { - ebitmap_set_bit(matches, t1->value, 1); - } - } else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { - struct cil_typeattribute *a = (struct cil_typeattribute *)d1; - struct cil_type *t = (struct cil_type *)d2; - if (ebitmap_get_bit(a->types, t->value)) { - ebitmap_set_bit(matches, t->value, 1); - } - } else if (f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) { - struct cil_type *t = (struct cil_type *)d1; - struct cil_typeattribute *a = (struct cil_typeattribute *)d2; - if (ebitmap_get_bit(a->types, t->value)) { - ebitmap_set_bit(matches, t->value, 1); - } - } else { - /* Both are attributes */ + if (f1 == CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) { struct cil_typeattribute *a1 = (struct cil_typeattribute *)d1; struct cil_typeattribute *a2 = (struct cil_typeattribute *)d2; rc = ebitmap_and(matches, a1->types, a2->types); + } else { + ebitmap_init(matches); + if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { + struct cil_type *t1 = (struct cil_type *)d1; + struct cil_type *t2 = (struct cil_type *)d2; + if (t1->value == t2->value) { + rc = ebitmap_set_bit(matches, t1->value, 1); + } + } else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) { + struct cil_typeattribute *a = (struct cil_typeattribute *)d1; + struct cil_type *t = (struct cil_type *)d2; + if (ebitmap_get_bit(a->types, t->value)) { + rc = ebitmap_set_bit(matches, t->value, 1); + } + } else { // f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE + struct cil_type *t = (struct cil_type *)d1; + struct cil_typeattribute *a = (struct cil_typeattribute *)d2; + if (ebitmap_get_bit(a->types, t->value)) { + rc = 
ebitmap_set_bit(matches, t->value, 1); + } + } + if (rc != SEPOL_OK) { + ebitmap_destroy(matches); + } } return rc; 
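Review bot: the `if (rc != SEPOL_OK) { ebitmap_destroy(matches); }` cleanup sits inside the else branch only, so a failure of ebitmap_and() in the attribute/attribute branch leaves `matches` in whatever state ebitmap_and() leaves it, and the caller (cil_self_match_any in the next hunk, which now just returns rc) no longer destroys it either; moving the check below the if/else would cover both paths. The check also depends on rc having been initialised to SEPOL_OK before this hunk, which the visible context does not show, because the `t1->value == t2->value` false path assigns nothing to rc. Minor: the `// f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE` comment is C++ style where the surrounding code (for example `/* Both are attributes */`) uses `/* */`.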
@@ -115,31 +120,28 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str /* s1 is the src type that is matched with a self * s2, and t2 are the source and type of the other rule + * Assumes there is a match between s1 and s2 */ static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2) { int rc; - struct cil_tree_node *n1 = NODE(s1); - if (n1->flavor != CIL_TYPEATTRIBUTE) { + + if (FLAVOR(s1) != CIL_TYPEATTRIBUTE) { rc = cil_type_match_any(s1, t2); } else { struct cil_typeattribute *a = (struct cil_typeattribute *)s1; ebitmap_t map; - ebitmap_init(&map); rc = cil_type_matches(&map, s2, t2); if (rc < 0) { - ebitmap_destroy(&map); - goto exit; + return rc; } - if (map.node == NULL) { - rc = CIL_FALSE; - goto exit; + if (ebitmap_is_empty(&map)) { + return CIL_FALSE; } rc = ebitmap_match_any(&map, a->types); ebitmap_destroy(&map); } -exit: return rc; }
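Review bot: the early `return CIL_FALSE` after `ebitmap_is_empty(&map)` is leak-free only because an ebitmap whose node is NULL owns no memory; a short comment saying so would stop a future reader from re-adding an ebitmap_destroy() there or, worse, treating the pattern as safe for maps that are non-empty. Dropping the `ebitmap_destroy(&map)` on the `rc < 0` path relies on cil_type_matches() destroying the map on every error path, and the previous hunk only does that in its non-attribute branch, so the ebitmap_and() failure case should be confirmed before removing it.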
From: James Carter
To: selinux@vger.kernel.org
Cc: cgzones@googlemail.com, James Carter
Subject: [PATCH 3/6] libsepol/cil: Add notself and other support to CIL
Date: Wed, 12 Apr 2023 17:04:03 -0400
Message-Id: <20230412210406.522892-4-jwcart2@gmail.com>
X-Mailer: git-send-email 2.39.2
In-Reply-To: <20230412210406.522892-1-jwcart2@gmail.com>
References: <20230412210406.522892-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Like "self", both of these reserved words can be used as a target in an access vector rule. "notself" means all types other than the source type. "other" is meant to be used with an attribute and its use results in the rule being expanded with each type of the attribute being used as the source type with each of the other types being used as the target type. Using "other" with just a type will result in no rule.

Example 1
(allow TYPE1 notself (CLASS (PERM)))
This rule is expanded to a number of rules with TYPE1 as the source and every type except for TYPE1 as the target.

Example 2
(allow ATTR1 notself (CLASS (PERM)))
Like Example 1, this rule will be expanded to each type in ATTR1 being the source with every type except for the type used as the source being the target.

Example 3
(allow TYPE1 other (CLASS (PERM)))
This expands to no rule.

Example 4
(allow ATTR1 other (CLASS (PERM)))
Like Example 2, but the target types will be limited to the types in the attribute ATTR1 instead of all types. So if ATTR1 has the types t1, t2, and t3, then this rule expands to the following rules.
(allow t1 t2 (CLASS (PERM)))
(allow t1 t3 (CLASS (PERM)))
(allow t2 t1 (CLASS (PERM)))
(allow t2 t3 (CLASS (PERM)))
(allow t3 t1 (CLASS (PERM)))
(allow t3 t2 (CLASS (PERM)))
Signed-off-by: James Carter --- libsepol/cil/src/cil.c | 12 ++ libsepol/cil/src/cil_binary.c | 91 +++++++++++++- libsepol/cil/src/cil_build_ast.c | 10 +- libsepol/cil/src/cil_find.c | 188 ++++++++++++++++++++++++++--- libsepol/cil/src/cil_internal.h | 4 + libsepol/cil/src/cil_resolve_ast.c | 4 + libsepol/cil/src/cil_verify.c | 3 +- 7 files changed, 289 insertions(+), 23 deletions(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index 38edcf8e..ed97ff44 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -84,6 +84,8 @@ char *CIL_KEY_CONS_INCOMP; char *CIL_KEY_CONDTRUE; char *CIL_KEY_CONDFALSE; char *CIL_KEY_SELF; +char *CIL_KEY_NOTSELF; +char *CIL_KEY_OTHER; char *CIL_KEY_OBJECT_R; char *CIL_KEY_STAR; char *CIL_KEY_TCP; @@ -253,6 +255,8 @@ static void cil_init_keys(void) CIL_KEY_CONDTRUE = cil_strpool_add("true"); CIL_KEY_CONDFALSE = cil_strpool_add("false"); CIL_KEY_SELF = cil_strpool_add("self"); + CIL_KEY_NOTSELF = cil_strpool_add("notself"); + CIL_KEY_OTHER = cil_strpool_add("other"); CIL_KEY_OBJECT_R = cil_strpool_add("object_r"); CIL_KEY_STAR = cil_strpool_add("*"); CIL_KEY_UDP = cil_strpool_add("udp"); @@ -430,6 +434,12 @@ void cil_db_init(struct cil_db **db) cil_type_init(&(*db)->selftype); (*db)->selftype->datum.name = CIL_KEY_SELF; (*db)->selftype->datum.fqn = CIL_KEY_SELF; + cil_type_init(&(*db)->notselftype); + (*db)->notselftype->datum.name = CIL_KEY_NOTSELF; + (*db)->notselftype->datum.fqn = CIL_KEY_NOTSELF; + cil_type_init(&(*db)->othertype); + (*db)->othertype->datum.name = CIL_KEY_OTHER; + (*db)->othertype->datum.fqn = CIL_KEY_OTHER; (*db)->num_types_and_attrs = 0; (*db)->num_classes = 0; (*db)->num_types = 0; @@ -483,6 +493,8 @@ void cil_db_destroy(struct cil_db **db) cil_list_destroy(&(*db)->names, CIL_TRUE); cil_destroy_type((*db)->selftype); + cil_destroy_type((*db)->notselftype); + cil_destroy_type((*db)->othertype); cil_strpool_destroy(); free((*db)->val_to_type); 
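Review bot: in the cil_db_init hunk the notself and other pseudo-types are created with a third and fourth copy of the three lines used for selftype, and cil_db_destroy mirrors them by hand; a small helper (or a loop over the three reserved keys) would keep a future reserved word from being initialised but never destroyed. Only datum.name and datum.fqn are set, so, like selftype, these objects are never valid indices into val_to_type and every consumer of a rule target has to compare fqn before treating it as a real type, as the cil_binary.c hunks do; a comment at the init site would make that contract explicit.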
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 40615db2..38cba333 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -1519,6 +1519,46 @@ static int __cil_avrule_to_avtab(policydb_t *pdb, const struct cil_db *db, struc } } ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_NOTSELF) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + for (t = 0; t < (unsigned int)db->num_types; t++) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_OTHER) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + ebitmap_for_each_positive_bit(&src_bitmap, tnode, t) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrule_expand(pdb, kind, src, tgt, classperms, cond_node, cond_flavor); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); } else { int expand_src = __cil_should_expand_attribute(db, src); int expand_tgt = __cil_should_expand_attribute(db, tgt); 
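Review bot: the notself branch calls __cil_avrule_expand() for every source bit times every type in the policy (`for (t = 0; t < (unsigned int)db->num_types; t++)`), so a notself rule on a broad attribute produces one avtab entry per (source, target) pair; unlike the neverallow path in a later hunk, which keeps a RULE_NOTSELF flag, this expands eagerly, and the commit message should state that cost. The notself and other branches differ only in the inner iterator and duplicate the ebitmap_destroy()/goto exit error handling; a helper taking the target bitmap (all types versus src_bitmap) would halve the new code. The visible context also does not show declarations of `tnode` and `t`, which the other branch uses; confirm the function already has them.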
@@ -1875,10 +1915,51 @@ static int cil_avrulex_to_hashtable(policydb_t *pdb, const struct cil_db *db, st src = DATUM(db->val_to_type[s]); rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, src, cil_avrulex->perms.x.permx, args); if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); goto exit; } } ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_NOTSELF) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + for (t = 0; t < (unsigned int)db->num_types; t++) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); + } else if (tgt->fqn == CIL_KEY_OTHER) { + rc = __cil_expand_type(src, &src_bitmap); + if (rc != SEPOL_OK) { + goto exit; + } + + ebitmap_for_each_positive_bit(&src_bitmap, snode, s) { + src = DATUM(db->val_to_type[s]); + ebitmap_for_each_positive_bit(&src_bitmap, tnode, t) { + if (s != t) { + tgt = DATUM(db->val_to_type[t]); + rc = __cil_avrulex_to_hashtable_helper(pdb, kind, src, tgt, cil_avrulex->perms.x.permx, args); + if (rc != SEPOL_OK) { + ebitmap_destroy(&src_bitmap); + goto exit; + } + } + } + } + ebitmap_destroy(&src_bitmap); } else { int expand_src = __cil_should_expand_attribute(db, src); int expand_tgt = __cil_should_expand_attribute(db, tgt); 
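Review bot: the first added line, `ebitmap_destroy(&src_bitmap);` before `goto exit` in the existing self branch of cil_avrulex_to_hashtable, fixes a leak on an error path that predates notself/other and is not mentioned in the commit message; it would be clearer as its own patch, or at least as a sentence in the message. The notself and other branches are a copy of the ones added to __cil_avrule_to_avtab with a different inner call, so the same suggestion applies: share the iteration rather than maintaining four copies of the loop and its cleanup.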
@@ -4813,8 +4894,16 @@ static int cil_check_neverallow(const struct cil_db *db, policydb_t *pdb, struct if (tgt->fqn == CIL_KEY_SELF) { rule->flags = RULE_SELF; + } else if (tgt->fqn == CIL_KEY_NOTSELF) { + rule->flags = RULE_NOTSELF; + } else if (tgt->fqn == CIL_KEY_OTHER) { + rule->flags = RULE_NOTSELF; + rc = __cil_add_sepol_type(pdb, db, cil_rule->src, &rule->ttypes.types); + if (rc != SEPOL_OK) { + goto exit; + } } else { - rc = __cil_add_sepol_type(pdb, db, cil_rule->tgt, &rule->ttypes.types); + rc = __cil_add_sepol_type(pdb, db, tgt, &rule->ttypes.types); if (rc != SEPOL_OK) { goto exit; } diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 4177c9f6..ca9f80c7 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -3126,9 +3126,13 @@ int cil_gen_aliasactual(struct cil_db *db, struct cil_tree_node *parse_current, goto exit; } - if ((flavor == CIL_TYPEALIAS && parse_current->next->data == CIL_KEY_SELF) || parse_current->next->next->data == CIL_KEY_SELF) { - cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF); - rc = SEPOL_ERR; + rc = cil_verify_name(db, parse_current->next->data, flavor); + if (rc != SEPOL_OK) { + goto exit; + } + + rc = cil_verify_name(db, parse_current->next->next->data, flavor); + if (rc != SEPOL_OK) { goto exit; } diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c index 0246d133..11aa296e 100644 --- a/libsepol/cil/src/cil_find.c +++ b/libsepol/cil/src/cil_find.c 
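Review bot: in the cil_check_neverallow hunk, `other` is encoded as RULE_NOTSELF plus a target type set taken from `cil_rule->src`; that reuse deserves a comment at the assignment, because a reader seeing RULE_NOTSELF will not expect ttypes to be populated from the source side, and correctness depends on the neverallow checker interpreting RULE_NOTSELF with a non-empty ttypes as "targets in ttypes other than the source". The `cil_rule->tgt` to `tgt` change in the else branch is cosmetic given the `tgt->fqn` tests above it and could be called out as such.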
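Review bot: the cil_gen_aliasactual hunk replaces a check that rejected only `self` (and only for the alias name when flavor == CIL_TYPEALIAS) with cil_verify_name() on both the alias and the actual name for every flavor; that is broader validation than before and changes the error text, so the commit message should say the reserved-name check is now delegated to cil_verify_name(). The cil_verify.c hunk shows only the type flavors gaining notself/other, so confirm cil_verify_name() does not start rejecting names that were valid for the other alias flavors handled by this function.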
@@ -145,6 +145,132 @@ static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_dat return rc; } +/* s1 is the src type that is matched with a notself + * s2 and t2 are the source and type of the other rule + * Assumes there is a match between s1 and s2 + */ +static int cil_notself_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2) +{ + int rc; + ebitmap_node_t *snode, *tnode; + unsigned int s,t; + + if (FLAVOR(s1) != CIL_TYPEATTRIBUTE) { + struct cil_type *ts1 = (struct cil_type *)s1; + if (FLAVOR(t2) != CIL_TYPEATTRIBUTE) { + struct cil_type *tt2 = (struct cil_type *)t2; + if (ts1->value != tt2->value) { + return CIL_TRUE; + } + } else { + struct cil_typeattribute *at2 = (struct cil_typeattribute *)t2; + ebitmap_for_each_positive_bit(at2->types, tnode, t) { + if (t != (unsigned int)ts1->value) { + return CIL_TRUE; + } + } + } + } else { + ebitmap_t smap; + rc = cil_type_matches(&smap, s1, s2); + if (rc < 0) { + return rc; + } + if (ebitmap_is_empty(&smap)) { + return CIL_FALSE; + } + if (FLAVOR(t2) != CIL_TYPEATTRIBUTE) { + struct cil_type *tt2 = (struct cil_type *)t2; + ebitmap_for_each_positive_bit(&smap, snode, s) { + if (s != (unsigned int)tt2->value) { + ebitmap_destroy(&smap); + return CIL_TRUE; + } + } + } else { + struct cil_typeattribute *at2 = (struct cil_typeattribute *)t2; + ebitmap_for_each_positive_bit(&smap, snode, s) { + ebitmap_for_each_positive_bit(at2->types, tnode, t) { + if (s != t) { + ebitmap_destroy(&smap); + return CIL_TRUE; + } + } + } + } + ebitmap_destroy(&smap); + } + + return CIL_FALSE; +} + +/* s1 is the src type that is matched with an other + * s2, and t2 are the source and type of the other rule + * Assumes there is a match between s1 and s2 + */ +static int cil_other_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2) +{ + int rc; + ebitmap_t smap, tmap; + ebitmap_node_t *snode, *tnode; + unsigned int s,t; + + if 
(FLAVOR(s1) != CIL_TYPEATTRIBUTE) { + return CIL_FALSE; + } + + rc = cil_type_matches(&smap, s1, s2); + if (rc < 0) { + return rc; + } + + if (ebitmap_is_empty(&smap)) { + return CIL_FALSE; + } + + rc = cil_type_matches(&tmap, s1, t2); + if (rc < 0) { + ebitmap_destroy(&smap); + return rc; + } + + if (ebitmap_is_empty(&tmap)) { + ebitmap_destroy(&smap); + return CIL_FALSE; + } + + ebitmap_for_each_positive_bit(&smap, snode, s) { + ebitmap_for_each_positive_bit(&tmap, tnode, t) { + if (s != t) { + rc = CIL_TRUE; + goto exit; + } + } + } + + rc = CIL_FALSE; + +exit: + ebitmap_destroy(&smap); + ebitmap_destroy(&tmap); + return rc; +} + +/* s2 is the src type that is matched with an other + * Assumes there is a match between s1 and s2 + * s1 is not needed, since it is known that there is a match + */ +static int cil_notself_other_match_any(struct cil_symtab_datum *s2) +{ + if (FLAVOR(s2) == CIL_TYPEATTRIBUTE) { + struct cil_typeattribute *as2 = (struct cil_typeattribute *)s2; + if (ebitmap_cardinality(as2->types) > 1) { + return CIL_TRUE; + } + } + return CIL_FALSE; +} + static int cil_classperms_match_any(struct cil_classperms *cp1, struct cil_classperms *cp2) { struct cil_class *c1 = cp1->class; 
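Review bot: the header comment on cil_notself_other_match_any says "s2 is the src type that is matched with an other", but the call sites in the next hunk pass s2 when t2 is other and s1 when t1 is other, so the parameter is really "the source of whichever rule has the other target"; renaming it (for example to s_other) and rewording the comment would avoid confusion. The early `return CIL_FALSE` after `ebitmap_is_empty(&smap)` in cil_notself_match_any and cil_other_match_any is safe only because an empty ebitmap holds no nodes; a comment to that effect, as suggested for cil_self_match_any, would help. In cil_notself_match_any the attribute/attribute case destroys smap before `return CIL_TRUE` inside the nested loop, which is correct but easy to miss; a `goto exit` with a single cleanup label, as cil_other_match_any already does, would be more uniform.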
@@ -310,30 +436,56 @@ static int cil_find_matching_avrule(struct cil_tree_node *node, struct cil_avrul if (!cil_type_match_any(s1, s2)) goto exit; - if (t1->fqn != CIL_KEY_SELF && t2->fqn != CIL_KEY_SELF) { - if (!cil_type_match_any(t1, t2)) goto exit; - } else { - if (t1->fqn == CIL_KEY_SELF && t2->fqn == CIL_KEY_SELF) { + if (t1->fqn == CIL_KEY_SELF) { + if (t2->fqn == CIL_KEY_SELF) { /* The earlier check whether s1 and s2 matches is all that is needed */ - } else if (t1->fqn == CIL_KEY_SELF) { + rc = CIL_TRUE; + } else if (t2->fqn == CIL_KEY_NOTSELF || t2->fqn == CIL_KEY_OTHER) { + rc = CIL_FALSE; + } else { rc = cil_self_match_any(s1, s2, t2); - if (rc < 0) { - goto exit; - } else if (rc == CIL_FALSE) { - rc = SEPOL_OK; - goto exit; - } - } else if (t2->fqn == CIL_KEY_SELF) { + } + } else if (t1->fqn == CIL_KEY_NOTSELF) { + if (t2->fqn == CIL_KEY_SELF) { + rc = CIL_FALSE; + } else if (t2->fqn == CIL_KEY_NOTSELF) { + /* The earlier check whether s1 and s2 matches is all that is needed */ + rc = CIL_TRUE; + } else if (t2->fqn == CIL_KEY_OTHER) { + rc = cil_notself_other_match_any(s2); + } else { + rc = cil_notself_match_any(s1, s2, t2); + } + } else if (t1->fqn == CIL_KEY_OTHER) { + if (t2->fqn == CIL_KEY_SELF) { + rc = CIL_FALSE; + } else if (t2->fqn == CIL_KEY_NOTSELF) { + rc = cil_notself_other_match_any(s1); + } else if (t2->fqn == CIL_KEY_OTHER) { + /* The earlier check whether s1 and s2 matches is all that is needed */ + rc = CIL_TRUE; + } else { + rc = cil_other_match_any(s1, s2, t2); + } + } else { + if (t2->fqn == CIL_KEY_SELF) { rc = cil_self_match_any(s2, s1, t1); - if (rc < 0) { - goto exit; - } else if (rc == CIL_FALSE) { - rc = SEPOL_OK; - goto exit; - } + } else if (t2->fqn == CIL_KEY_NOTSELF) { + rc = cil_notself_match_any(s2, s1, t1); + } else if (t2->fqn == CIL_KEY_OTHER) { + rc = cil_other_match_any(s2, s1, t1); + } else { + rc = cil_type_match_any(t1, t2); } } + if (rc < 0) { + goto exit; + } else if (rc == CIL_FALSE) { + rc = SEPOL_OK; + goto 
exit; + } + if (!target->is_extended) { if (cil_classperms_list_match_any(avrule->perms.classperms, target->perms.classperms)) { cil_list_append(matching, CIL_NODE, node); diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index a7604762..d727c352 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -101,6 +101,8 @@ extern char *CIL_KEY_CONS_INCOMP; extern char *CIL_KEY_CONDTRUE; extern char *CIL_KEY_CONDFALSE; extern char *CIL_KEY_SELF; +extern char *CIL_KEY_NOTSELF; +extern char *CIL_KEY_OTHER; extern char *CIL_KEY_OBJECT_R; extern char *CIL_KEY_STAR; extern char *CIL_KEY_TCP; @@ -289,6 +291,8 @@ struct cil_db { struct cil_tree *parse; struct cil_tree *ast; struct cil_type *selftype; + struct cil_type *notselftype; + struct cil_type *othertype; struct cil_list *sidorder; struct cil_list *classorder; struct cil_list *catorder; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index d2bfdc81..96dd4054 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -333,6 +333,10 @@ int cil_resolve_avrule(struct cil_tree_node *current, void *extra_args) if (rule->tgt_str == CIL_KEY_SELF) { rule->tgt = db->selftype; + } else if (rule->tgt_str == CIL_KEY_NOTSELF) { + rule->tgt = db->notselftype; + } else if (rule->tgt_str == CIL_KEY_OTHER) { + rule->tgt = db->othertype; } else { rc = cil_resolve_name(current, rule->tgt_str, CIL_SYM_TYPES, args, &tgt_datum); if (rc != SEPOL_OK) { diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 4640dc59..3445507e 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c 
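Review bot: in the restructured target matching, the t1 == CIL_KEY_OTHER / t2 == CIL_KEY_OTHER case returns CIL_TRUE on the strength of the earlier s1/s2 match, but by the expansion rules in the commit message an `other` rule only yields pairs of distinct types inside its own source attribute, so two `other` rules overlap only when both sources are attributes and share at least two types; with the commit message's ATTR1 = {t1, t2, t3} and a hypothetical attribute sharing only t3 with it, the two rules expand to disjoint pairs yet this code reports a match. Computing the case via cil_type_matches(s1, s2) and ebitmap_cardinality() > 1, in the style of cil_notself_other_match_any, would fix it. After this block rc holds CIL_TRUE rather than a SEPOL status, so the rest of the function must reset rc before returning; the old code had the same property, but a comment at the final `if (rc < 0)` check would make the boolean-versus-status switch visible.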
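Review bot: cil_resolve_avrule now points rule->tgt at db->notselftype or db->othertype, which (per the cil.c hunk) carry only a name and fqn, so any consumer that dereferences rule->tgt as a real type without first comparing fqn will read unset fields; the cil_binary.c and cil_find.c hunks all test fqn first, and that pattern should be documented next to these assignments so new code paths follow it.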
@@ -68,7 +68,8 @@ static int __cil_is_reserved_name(const char *name, enum cil_flavor flavor) case CIL_TYPE: case CIL_TYPEATTRIBUTE: case CIL_TYPEALIAS: - if ((name == CIL_KEY_ALL) || (name == CIL_KEY_SELF)) + if ((name == CIL_KEY_ALL) || (name == CIL_KEY_SELF) || (name == CIL_KEY_NOTSELF) + || (name == CIL_KEY_OTHER)) return CIL_TRUE; break; case CIL_CAT:
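Review bot: adding CIL_KEY_NOTSELF and CIL_KEY_OTHER to __cil_is_reserved_name() for CIL_TYPE, CIL_TYPEATTRIBUTE and CIL_TYPEALIAS means an existing policy that declares a type, attribute or alias named `notself` or `other` stops compiling once this lands; that is a compatibility change worth a sentence in the commit message and the release notes. The wrapped `|| (name == CIL_KEY_OTHER)` continuation would read better aligned under the first `(name ==`, but that is cosmetic.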
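As an added example (not code from the patch series or from libsepol), the following Python models the expansion the commit message describes for self, notself and other over a constructed type table, and checks an overlap predicate organised like the cil_find_matching_avrule cases against brute-force expansion; TYPES, ATTRS and every function name are constructed for this example, and the other/other case is derived from the expansion semantics rather than from the hunk's unconditional CIL_TRUE.

```python
# Added example (not from the patch series or libsepol): reference model of
# CIL's self / notself / other rule targets and a cil_find-style overlap test.
from itertools import product

# Constructed sample policy (not from the page): concrete types and the
# attributes that group them.
TYPES = frozenset({"t1", "t2", "t3", "t4"})
ATTRS = {
    "attr1": frozenset({"t1", "t2", "t3"}),
    "attr2": frozenset({"t3", "t4"}),
    "lone": frozenset({"t4"}),
}
RESERVED = ("self", "notself", "other")

def resolve(name):
    """Concrete types named by a type or attribute identifier."""
    if name in ATTRS:
        return ATTRS[name]
    if name in TYPES:
        return frozenset({name})
    raise ValueError(f"unknown type or attribute: {name}")

def expand(src, tgt):
    """Expand (allow src tgt ...) into its set of (source, target) type pairs."""
    sources = resolve(src)
    if tgt == "self":
        return {(s, s) for s in sources}
    if tgt == "notself":
        return {(s, t) for s in sources for t in TYPES if s != t}
    if tgt == "other":
        # "other" pairs distinct members of the source attribute; a plain
        # type has no other member, so the rule expands to nothing.
        if src not in ATTRS:
            return set()
        return {(s, t) for s in sources for t in sources if s != t}
    return set(product(sources, resolve(tgt)))

def overlaps_by_expansion(r1, r2):
    """Ground truth: do the rules share at least one (source, target) pair?"""
    return bool(expand(*r1) & expand(*r2))

def other_match_any(s_other, src, tgt):
    """Mirror of cil_other_match_any: s_other is the source of the other rule."""
    if s_other not in ATTRS:
        return False
    smap = ATTRS[s_other] & resolve(src)
    tmap = ATTRS[s_other] & resolve(tgt)
    return any(s != t for s in smap for t in tmap)

def overlaps(r1, r2):
    """cil_find_matching_avrule-style test without expansion; the other/other
    case is derived from the expansion semantics, not the hunk's CIL_TRUE."""
    (s1, t1), (s2, t2) = r1, r2
    common = resolve(s1) & resolve(s2)
    if not common:
        return False
    if t1 == "self":
        if t2 == "self":
            return True
        if t2 in ("notself", "other"):
            return False
        return bool(common & resolve(t2))          # cil_self_match_any
    if t1 == "notself":
        if t2 == "self":
            return False
        if t2 == "notself":
            return len(TYPES) > 1
        if t2 == "other":                           # cil_notself_other_match_any
            return s2 in ATTRS and len(ATTRS[s2]) > 1
        return any(s != t for s in common for t in resolve(t2))
    if t1 == "other":
        if t2 == "self":
            return False
        if t2 == "notself":
            return s1 in ATTRS and len(ATTRS[s1]) > 1
        if t2 == "other":
            return s1 in ATTRS and s2 in ATTRS and len(common) > 1
        return other_match_any(s1, s2, t2)
    if t2 == "self":                                # t1 is a plain type/attribute
        return bool(common & resolve(t1))
    if t2 == "notself":
        return any(s != t for s in common for t in resolve(t1))
    if t2 == "other":
        return other_match_any(s2, s1, t1)
    return bool(resolve(t1) & resolve(t2))

def mismatches():
    """Rule pairs where the fast predicate disagrees with brute-force expansion."""
    names = sorted(TYPES | set(ATTRS))
    rules = [(s, t) for s in names for t in names + list(RESERVED)]
    return [(a, b) for a in rules for b in rules
            if overlaps(a, b) != overlaps_by_expansion(a, b)]

if __name__ == "__main__":
    print("attr1 other ->", sorted(expand("attr1", "other")))
    print("mismatches:", mismatches())
```

Running the module prints the six pairs of the commit message's Example 4 (with attr1 standing in for ATTR1) and an empty mismatch list, and the pair (attr1 other, attr2 other) is the case where this predicate and the hunk's shortcut differ.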
From: James Carter To: selinux@vger.kernel.org Cc: cgzones@googlemail.com Subject: [PATCH 4/6] libsepol: update CIL generation for trivial not-self rules Date: Wed, 12 Apr 2023 17:04:04 -0400 Message-Id: <20230412210406.522892-5-jwcart2@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230412210406.522892-1-jwcart2@gmail.com> References: <20230412210406.522892-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: Christian Göttsche Convert trivial not-self neverallow rules to CIL, e.g. neverallow TYPE1 ~self:CLASS1 PERM1; into (neverallow TYPE1 notself (CLASS1 (PERM1))) More complex targets are not yet supported in CIL and will fail to convert, e.g.: neverallow TYPE1 ~{ self ATTR1 } : CLASS1 PERM1; neverallow TYPE2 { ATTR2 -self } : CLASS2 PERM2; Signed-off-by: Christian Göttsche --- libsepol/src/module_to_cil.c | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 2b24d33e..c98f7142 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c 
@@ -1201,10 +1201,23 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a goto exit; } - ts = &avrule->ttypes; - rc = process_typeset(pdb, ts, attr_list, &tnames, &num_tnames); - if (rc != 0) { - goto exit; + if (avrule->flags & RULE_NOTSELF) { + if (!ebitmap_is_empty(&avrule->ttypes.types) || !ebitmap_is_empty(&avrule->ttypes.negset)) { + if (avrule->source_filename) { + log_err("%s:%lu: Non-trivial neverallow rules with targets containing not or minus self not yet supported", + avrule->source_filename, avrule->source_line); + } else { + log_err("Non-trivial neverallow rules with targets containing not or minus self not yet supported"); + } + rc = -1; + goto exit; + } + } else { + ts = &avrule->ttypes; + rc = process_typeset(pdb, ts, attr_list, &tnames, &num_tnames); + if (rc != 0) { + goto exit; + } } for (s = 0; s < num_snames; s++) { 
@@ -1228,6 +1241,15 @@ static int avrule_list_to_cil(int indent, struct policydb *pdb, struct avrule *a if (rc != 0) { goto exit; } + } else if (avrule->flags & RULE_NOTSELF) { + if (avrule->specified & AVRULE_XPERMS) { + rc = avrulex_to_cil(indent, pdb, avrule->specified, snames[s], "notself", avrule->perms, avrule->xperms); + } else { + rc = avrule_to_cil(indent, pdb, avrule->specified, snames[s], "notself", avrule->perms); + } + if (rc != 0) { + goto exit; + } } } From patchwork Wed Apr 12 21:04:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13209516 X-Patchwork-Delegate: plautrba@redhat.com
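Review bot: in the `@@ -1201,10 +1201,23 @@` hunk the not-self branch skips process_typeset entirely, so tnames and num_tnames are never filled for these rules; please confirm that the cleanup at exit and the later loop over tnames (beyond the shown context) tolerate num_tnames staying zero with tnames unset. Two smaller points: the identical message is duplicated across the two log_err calls and could be emitted once with the `file:line` prefix built conditionally, and the text says "neverallow rules" while the condition is `avrule->flags & RULE_NOTSELF` for any avrule; if only neverallow rules can carry RULE_NOTSELF, a comment saying so would explain the wording, otherwise the message should drop the word.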
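Review bot: in the `@@ -1228,6 +1241,15 @@` hunk the `} else if (avrule->flags & RULE_NOTSELF) {` branch is only correct because the earlier hunk has already rejected not-self rules whose ttypes.types or ttypes.negset is non-empty; a one-line comment stating that the target set is known to be empty at this point would make the invariant local to the code that relies on it. The literal "notself" passed to avrule_to_cil and avrulex_to_cil must stay in sync with the keyword the CIL parser accepts (CIL_KEY_NOTSELF in cil_internal.h), and since the AVRULE_XPERMS path is covered as well, the commit message's "trivial not-self neverallow rules" could mention neverallowx too.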
From: James Carter To: selinux@vger.kernel.org Cc: cgzones@googlemail.com, James Carter Subject: [PATCH 5/6] secilc/docs: Add notself and other keywords to CIL documentation Date: Wed, 12 Apr 2023 17:04:05 -0400 Message-Id: <20230412210406.522892-6-jwcart2@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230412210406.522892-1-jwcart2@gmail.com> References: <20230412210406.522892-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Also reorganize the access vector rules section to minimize duplication explanation of the parts of access vector rules. Signed-off-by: James Carter --- secilc/docs/README.md | 1 - secilc/docs/cil_access_vector_rules.md | 244 +++---------------------- secilc/docs/cil_reference_guide.md | 9 - secilc/docs/secil.xml | 2 + 4 files changed, 32 insertions(+), 224 deletions(-) diff --git a/secilc/docs/README.md b/secilc/docs/README.md index efab2a71..5e00fc3b 100644 --- a/secilc/docs/README.md +++ b/secilc/docs/README.md @@ -17,7 +17,6 @@ CIL (Common Intermediate Language) * [Global Namespace](cil_reference_guide.md#global-namespace) * [Expressions](cil_reference_guide.md#expressions) * [Name String](cil_reference_guide.md#name-string) - * [self](cil_reference_guide.md#self) * [Example CIL Policy](../test/policy.cil) * [Access Vector Rules](cil_access_vector_rules.md#access-vector-rules) diff --git a/secilc/docs/cil_access_vector_rules.md b/secilc/docs/cil_access_vector_rules.md index f0ba4a90..034185da 100644 --- a/secilc/docs/cil_access_vector_rules.md +++ b/secilc/docs/cil_access_vector_rules.md 
@@ -1,15 +1,12 @@ Access Vector Rules =================== -allow ------ - -Specifies the access allowed between a source and target type. Note that access may be refined by constraint rules based on the source, target and class ([`validatetrans`](cil_constraint_statements.md#validatetrans) or [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans)) or source, target class and permissions ([`constrain`](cil_constraint_statements.md#constrain) or [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain) statements). +Rules involving a source type, a target type, and class permissions or extended permissions. **Rule definition:** ```secil - (allow source_id target_id|self classpermissionset_id ...) + (av_flavor source_id target_id|self|notself|other classpermission_id|permissionx_id) ``` **Where:** @@ -21,9 +18,8 @@ Specifies the access allowed between a source and target type. Note that access -

allow

-

The allow keyword.

- +

av_flavor

+

The flavor of access vector rule. Possible flavors are allow, auditallow, dontaudit, neverallow, allowx, auditallowx, dontauditx, neverallowx.

source_id

A single previously defined source type, typealias or typeattribute identifier.

@@ -31,15 +27,31 @@ Specifies the access allowed between a source and target type. Note that access

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

+

Instead it can be one of the special keywords self, notself or other.

+

The self keyword may be used to signify that source and target are the same. If the source is an attribute, each type of the source will be paired with itself as the target. The notself keyword may be used to signify that the target is all types except for the types of the source. The other keyword may be used as a short-hand way of writing a rule for each type of the source where it is paired with all of the other types of the source as the target.

-

classpermissionset_id

-

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

+

classpermission_id

+

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers. Used for allow, auditallow, dontaudit, neverallow rules.

+ + +

permissionx_id

+

A single named or anonymous permissionx. Used for allowx, auditallowx, dontauditx, neverallowx rules.

+allow +----- + +Specifies the access allowed between a source and target type. Note that access may be refined by constraint rules based on the source, target and class ([`validatetrans`](cil_constraint_statements.md#validatetrans) or [`mlsvalidatetrans`](cil_constraint_statements.md#mlsvalidatetrans)) or source, target class and permissions ([`constrain`](cil_constraint_statements.md#constrain) or [`mlsconstrain`](cil_constraint_statements.md#mlsconstrain) statements). + +**Rule definition:** + +```secil + (allow source_id target_id|self|notself|other classpermissionset_id ...) +``` + **Examples:** These examples show a selection of possible permutations of [`allow`](cil_access_vector_rules.md#allow) rules: @@ -97,37 +109,9 @@ Audit the access rights defined if there is a valid allow rule. Note: It does NO **Rule definition:** ```secil - (auditallow source_id target_id|self classpermissionset_id ...) + (auditallow source_id target_id|self|notself|other classpermissionset_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

auditallow

The auditallow keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

classpermissionset_id

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

- **Example:** This example will log an audit event whenever the corresponding [`allow`](cil_access_vector_rules.md#allow) rule grants access to the specified permissions: @@ -148,37 +132,9 @@ Note that these rules can be omitted by the CIL compiler command line parameter **Rule definition:** ```secil - (dontaudit source_id target_id|self classpermissionset_id ...) + (dontaudit source_id target_id|self|notself|other classpermissionset_id ...) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

dontaudit

The dontaudit keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

classpermissionset_id

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

- **Example:** This example will not audit the denied access: @@ -197,37 +153,9 @@ Note that these rules can be over-ridden by the CIL compiler command line parame **Rule definition:** ```secil - (neverallow source_id target_id|self classpermissionset_id ...) + (neverallow source_id target_id|self|notself|other classpermissionset_id ...) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

neverallow

The neverallow keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

classpermissionset_id

A single named or anonymous classpermissionset or a single set of classmap/classmapping identifiers.

- **Example:** This example will not compile as `type_3` is not allowed to be a source type for the [`allow`](cil_access_vector_rules.md#allow) rule: @@ -258,37 +186,9 @@ Note that for this to work there must *also* be valid equivalent [`allow`](cil_a **Rule definition:** ```secil - (allowx source_id target_id|self permissionx_id) + (allowx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

allowx

The allowx keyword.

source_id

A single previously defined source type, typealias, or typeattribute identifier.

target_id

A single previously defined target type, typealias, or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** These examples show a selection of possible permutations of [`allowx`](cil_access_vector_rules.md#allowx) rules: @@ -313,37 +213,9 @@ Note that for this to work there must *also* be valid equivalent [`auditallow`]( **Rule definition:** ```secil - (auditallowx source_id target_id|self permissionx_id) + (auditallowx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

auditallowx

The auditallowx keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** This example will log an audit event whenever the corresponding [`allowx`](cil_access_vector_rules.md#allowx) rule grants access to the specified extended permissions: @@ -367,37 +239,9 @@ Note that these rules can be omitted by the CIL compiler command line parameter **Rule definition:** ```secil - (dontauditx source_id target_id|self permissionx_id) + (dontauditx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

dontauditx

The dontauditx keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** This example will not audit the denied access: @@ -416,37 +260,9 @@ Note that these rules can be over-ridden by the CIL compiler command line parame **Rule definition:** ```secil - (neverallowx source_id target_id|self permissionx_id) + (neverallowx source_id target_id|self|notself|other permissionx_id) ``` -**Where:** - - ---- - - - - - - - - - - - - - - - - - - -

neverallowx

The neverallowx keyword.

source_id

A single previously defined source type, typealias or typeattribute identifier.

target_id

A single previously defined target type, typealias or typeattribute identifier.

-

The self keyword may be used instead to signify that source and target are the same.

permissionx_id

A single named or anonymous permissionx.

- **Examples:** This example will not compile as `type_3` is not allowed to be a source type and ioctl range for the [`allowx`](cil_access_vector_rules.md#allowx) rule: diff --git a/secilc/docs/cil_reference_guide.md b/secilc/docs/cil_reference_guide.md index ac800b12..d1d3ff16 100644 --- a/secilc/docs/cil_reference_guide.md +++ b/secilc/docs/cil_reference_guide.md @@ -316,12 +316,3 @@ Alternatively: (typetransition audit.process device.device chr_file ARG1 device.klog_device) ) ``` - -self ----- - -The [`self`](cil_reference_guide.md#self) keyword may be used as the target in AVC rule statements, and means that the target is the same as the source as shown in the following example:. - -```secil - (allow unconfined.process self (file (read write))) -``` diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml index 38d7b030..60314e9a 100644 --- a/secilc/docs/secil.xml +++ b/secilc/docs/secil.xml 
@@ -145,6 +145,8 @@ r3 sctp self + notself + other t1 t2 t3 From patchwork Wed Apr 12 21:04:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 13209515 X-Patchwork-Delegate: plautrba@redhat.com
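Review bot: in the `@@ -31,15 +27,31 @@` hunk of cil_access_vector_rules.md, the shared parameter table renames the last parameter to `classpermission_id` while the per-rule definitions below still use `classpermissionset_id` (e.g. `(allow source_id target_id|self|notself|other classpermissionset_id ...)`); the names should match so the table can be read against the definitions. The `other` description also omits a case that Test 05 in patch 6/6 relies on: when the source is a single type rather than an attribute, `other` produces no rule at all, which deserves a sentence here since a policy writer would otherwise expect either a rule or an error.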
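Review bot: in the `@@ -97,37 +109,9 @@` hunk the auditallow definition becomes `(auditallow source_id target_id|self|notself|other classpermissionset_id)`, dropping the trailing ` ...` that the dontaudit and neverallow definitions in the following hunks keep; unless auditallow really accepts only a single classpermissionset, restore the ` ...` so the four rule definitions stay consistent.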
From: James Carter To: selinux@vger.kernel.org Cc: cgzones@googlemail.com, James Carter Subject: [PATCH 6/6] secilc/test: Add notself and other tests Date: Wed, 12 Apr 2023 17:04:06 -0400 Message-Id: <20230412210406.522892-7-jwcart2@gmail.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230412210406.522892-1-jwcart2@gmail.com> References: <20230412210406.522892-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Signed-off-by: James Carter --- secilc/test/notself_and_other.cil | 65 +++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 secilc/test/notself_and_other.cil
diff --git a/secilc/test/notself_and_other.cil b/secilc/test/notself_and_other.cil new file mode 100644 index 00000000..9b33bfcb --- /dev/null +++ b/secilc/test/notself_and_other.cil @@ -0,0 +1,65 @@ +(class CLASS (PERM)) +(class C1 (p1a p1b p1c p1d p1e)) +(classorder (CLASS C1)) +(sid SID) +(sidorder (SID)) +(user USER) +(role ROLE) +(type TYPE) +(category CAT) +(categoryorder (CAT)) +(sensitivity SENS) +(sensitivityorder (SENS)) +(sensitivitycategory SENS (CAT)) +(allow TYPE self (CLASS (PERM))) +(roletype ROLE TYPE) +(userrole USER ROLE) +(userlevel USER (SENS)) +(userrange USER ((SENS)(SENS (CAT)))) +(sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) + +(type ta) +(type tb) +(type tc) +(type td) + +(typeattribute aab) +(typeattributeset aab (ta tb)) + +(typeattribute aac) +(typeattributeset aac (ta tc)) + +(typeattribute abc) +(typeattributeset abc (tb tc)) + +(typeattribute aabc) +(typeattributeset aabc (ta tb tc)) + +(typeattribute a_all_not_ta) +(typeattributeset a_all_not_ta (and (all) (not ta))) + +(typeattribute a_all_not_aab) +(typeattributeset a_all_not_aab (and (all) (not aab))) + +; Test 01 +(allow ta notself (C1 (p1a))) +; (neverallow ta a_all_not_ta (C1 (p1a))) ; This check should fail + +; Test 02 +(allow aab notself (C1 (p1b))) +; (neverallow aab a_all_not_aab (C1 (p1b))) ; This check should fail + +; Test 03 +(allow aab other (C1 (p1c))) +; (neverallow ta tb (C1 (p1c))) ; This check should fail +; (neverallow tb ta (C1 (p1c))) ; This check should fail + +; Test 04 +(allow aabc other (C1 (p1d))) +; (neverallow ta abc (C1 (p1d))) ; This check should fail +; (neverallow tb aac (C1 (p1d))) ; This check should fail +; (neverallow tc aab (C1 (p1d))) ; This check should fail + +; Test 05 +(allow ta other (C1 (p1e))) ; other used with a single type results in no rule +(neverallow ta a_all_not_ta (C1 (p1e)))
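Review bot: every `; This check should fail` neverallow in Tests 01 to 04 is commented out, so the new file only proves that `notself` and `other` compile; a regression that expanded `notself` to all types or `other` to `self` would pass unnoticed. Add checks that must hold, for example `(neverallow ta ta (C1 (p1a)))` after Test 01 (ta is excluded from its own notself target) and `(neverallow ta ta (C1 (p1c)))` after Test 03 (other pairs ta only with tb), the way Test 05 already pairs its allow with an active neverallow. If the test suite has a place for policies that are expected to fail to build, the commented-out checks belong there as negative tests rather than as comments.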