On Thu, 2006-09-28 at 14:33 -0400, Linda Knippers wrote: > Its a little more complicated than that because avc_has_perm() takes > you down a path where it wants to translate a context. > > avc_had_perm() calls avc_has_perm_noaudit() and if the avc_lookup() > fails, it calls security_compute_av(), which needs a raw context > so it calls back into the translation functions. > > I think I can make it work by calling security_compute_av_raw() > instead but then it doesn't get cached, right? > > Any other ideas?
Hmmm..context translation support wasn't properly integrated with the userspace AVC. Logically, I'd expect avc_context_to_sid() and avc_sid_to_context() to perform translation, such that avc_has_perm_noaudit() would already have the raw contexts available to it from the SIDs and be able to directly call security_compute_av_raw() internally. And then one would have avc_context_to_sid_raw() and avc_sid_to_context_raw() for programs that didn't want translation at all. For the translation daemon itself, you might want a libselinux function that lets you disable all translations (i.e. set a flag that is checked on entry by selinux_trans_to_raw_context() and selinux_raw_to_trans_context() and handled in the same manner as the ! mls_enabled case). Then the translation daemon could just call any libselinux function without needing to worry about accidentally triggering a communication to itself. -- Stephen Smalley National Security Agency -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
