Re: Fix alias handling in sepolicy and semanage

2018-10-16 Thread William Roberts
I'm really not that familiar with the Python code to review this at
the moment, perhaps Nicolas is?
On Tue, Oct 16, 2018 at 1:27 AM Vit Mojzis  wrote:
>
> Sepolicy and semanage do not work with aliases properly (aliases are
> mostly treated as invalid types). Fix this by determining corresponding
> type when an alias is used and working with the type instead.
>
> python/semanage/seobject.py  | 21 ++---
> python/sepolicy/sepolicy.py  |  8 +++-
> python/sepolicy/sepolicy/__init__.py | 22 ++
> 3 files changed, 31 insertions(+), 20 deletions(-)
>
>
> ___
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.


Re: [GIT PULL] SELinux fixes for v4.19 (#1)

2018-10-16 Thread Greg KH
On Mon, Oct 15, 2018 at 06:28:04PM -0400, Paul Moore wrote:
> Hi Greg,
> 
> We've got one SELinux "fix" that I'd like to get into v4.19 if
> possible.  I'm using double quotes on "fix" as this is just an update
> to the MAINTAINERS file and not a code change.  From my perspective,
> MAINTAINERS updates generally don't warrant inclusion during the -rcX
> phase, but this is a change to the mailing list location so it seemed
> prudent to get this in before v4.19 is released.
> 
> If you don't want this for v4.19 let me know and I'll queue it up for
> the upcoming merge window.

Not a problem, now merged, thanks.

greg k-h


Re: Blocking exec on processes based on arguments

2018-10-16 Thread Stephen Smalley

On 10/10/2018 07:57 AM, Ville Baillie wrote:
> Hi,
>
> Does SELinux provide any sort of mechanism for blocking exec on commands
> based on their command line arguments?
>
> The proposed use case goes a little like this, allow 'wget' to access
> 'http://good-server-1/*' and 'http://good-server-2/*' but block access to
> other hostnames and log the access type.
>
> I understand there are probably other ways to achieve this but am wondering
> if it is possible just using SELinux?


Not based on command line arguments, no.  If you wanted to provide 
SELinux-based control over the network traffic, you could configure 
iptables SECMARK rules.





Re: [PATCH v2] selinux: fix byte order and alignment issues in policydb.c

2018-10-16 Thread Ondrej Mosnacek
On Tue, Oct 16, 2018 at 2:53 PM Stephen Smalley  wrote:
> On 10/16/2018 03:09 AM, Ondrej Mosnacek wrote:
> > Add missing LE conversions to the Infiniband-related range checks. These
> > were causing a failure to load any policy with an ibendportcon rule on
> > BE systems. This can be reproduced by running:
> >
> > cat >my_module.cil < > (type test_ibendport_t)
> > (roletype object_r test_ibendport_t)
> > (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0
> > EOF
> > semodule -i my_module.cil
> >
> > (On ppc64 it fails with "/sbin/load_policy:  Can't load policy: Invalid
> > argument")
> >
> > Also, the temporary buffers are only guaranteed to be aligned for 32-bit
> > access so use (get/put)_unaligned_be64() for 64-bit accesses.
> >
> > Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
> > should be used instead.
> >
> > Tested internally on a ppc64 machine with a RHEL 7 kernel with this
> > patch applied.
> >
> > Cc: Daniel Jurgens 
> > Cc: Eli Cohen 
> > Cc: James Morris 
> > Cc: Doug Ledford 
> > Cc:  # 4.13+
> > Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband 
> > support")
> > Signed-off-by: Ondrej Mosnacek 
> > ---
> >   security/selinux/ss/policydb.c | 28 +++-
> >   1 file changed, 15 insertions(+), 13 deletions(-)
> >
> > Changes in v2:
> >   - add reproducer to commit message
> >   - update e-mail address of James Morris
> >   - better Cc also the old SELinux ML
> >
> > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> > index f4eadd3f7350..2b310e8f2923 100644
> > --- a/security/selinux/ss/policydb.c
> > +++ b/security/selinux/ss/policydb.c
> > @@ -37,6 +37,7 @@
> >   #include 
> >   #include 
> >   #include 
> > +#include 
> >   #include "security.h"
> >
> >   #include "policydb.h"
> > @@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct 
> > policydb_compat_info *info,
> >   {
> >   int i, j, rc;
> >   u32 nel, len;
> > - __le32 buf[3];
> > + __le32 buf[4];
> >   struct ocontext *l, *c;
> >   u32 nodebuf[8];
> >
> > @@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct 
> > policydb_compat_info *info,
> >   break;
> >   }
> >   case OCON_IBPKEY:
> > - rc = next_entry(nodebuf, fp, sizeof(u32) * 4);
> > + rc = next_entry(buf, fp, sizeof(u32) * 4);
> >   if (rc)
> >   goto out;
> >
> > - c->u.ibpkey.subnet_prefix = 
> > be64_to_cpu(*((__be64 *)nodebuf));
> > + c->u.ibpkey.subnet_prefix = 
> > get_unaligned_be64(buf);
> >
> > - if (nodebuf[2] > 0x ||
> > - nodebuf[3] > 0x) {
> > + if (le32_to_cpu(buf[2]) > 0x ||
> > + le32_to_cpu(buf[3]) > 0x) {
> >   rc = -EINVAL;
> >   goto out;
> >   }
> >
> > - c->u.ibpkey.low_pkey = 
> > le32_to_cpu(nodebuf[2]);
> > - c->u.ibpkey.high_pkey = 
> > le32_to_cpu(nodebuf[3]);
> > + c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]);
> > + c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]);
>
> I'm wondering why the handling here is inconsistent with that of
> OCON_NODE/OCON_NODE6, which also deals with network byte order / big
> endian data.

I believe OCON_NODE/OCON_NODE6 doesn't call be32_to_cpu() because the
kernel code probably expects those values to be in the "network
order", in the sense that when you call ntohl() (basically an alias
for be32_to_cpu()) on them, then you get a value where the low bytes
are actually in the low bits of the integer. There are comments that
seem to be intended as a justification for doing this. Perhaps the
subnet_prefix has different semantics, perhaps not...

> Also it is inconsistent with the corresponding userspace
> code in libsepol for IBPKEY, which just does a memcpy() for copying
> between the subnet_prefix and the buffer.

Hm... indeed, the userspace code doesn't match here. Now no one really
knows which of them has the intended format... this is a mess :/

>
> Switching to buf entirely doesn't seem right since it is __le32 and the
> first part is actually __be64.

That's why I switched to using get/put_unaligned_be64() there. Now the
first two elements are just treated as some eight bytes of memory, so
it doesn't matter what type they are. The only issue with the
unaligned accessors might be performance, but I don't think this part
of code is that performance critical. Anyway, maybe I'm just trying
too hard to avoid declaring yet another buf there :)

>
> Maybe we ought to be 

Re: [PATCH v5 2/5] Smack: Prepare for PTRACE_MODE_SCHED

2018-10-16 Thread Jiri Kosina
On Thu, 4 Oct 2018, Jann Horn wrote:

> > Well, we can't really call out into audit from scheduler code, and the
> > previous versions of the patchsets didn't have PTRACE_MODE_SCHED, so it
> > had to be included in PTRACE_MODE_IBPB in order to make sure we're not
> > calling into audit from context switch code.
> >
> > Or did I misunderstand the question?
> 
> If I understand Casey correctly, he is saying that your patch
> (https://lore.kernel.org/lkml/nycvar.yfh.7.76.1809251437340.15...@cbobk.fhfr.pm/)
> doesn't include PTRACE_MODE_NOAUDIT for IBPB, but the previous v6 of
> your patch 
> (https://lore.kernel.org/lkml/nycvar.yfh.7.76.1809121105330.15...@cbobk.fhfr.pm/)
> did include it, and therefore Casey thinks that there is a specific
> reason why you removed PTRACE_MODE_NOAUDIT, 

Quite honestly, I don't remember. I don't think there is any deadlock 
that'd be triggered by this.

> and therefore Casey is adding special-case logic for PTRACE_MODE_SCHED 
> to Smack when simply using PTRACE_MODE_NOAUDIT would also work.
> 
> I think that Casey should change ptrace_may_access_sched() to use
> "mode | PTRACE_MODE_SCHED | PTRACE_MODE_NOAUDIT".

Agreed, that should work.

Thanks,

-- 
Jiri Kosina
SUSE Labs



Re: [PATCH v2] selinux: fix byte order and alignment issues in policydb.c

2018-10-16 Thread Stephen Smalley

On 10/16/2018 03:09 AM, Ondrej Mosnacek wrote:

Add missing LE conversions to the Infiniband-related range checks. These
were causing a failure to load any policy with an ibendportcon rule on
BE systems. This can be reproduced by running:

cat >my_module.cil <
Cc: Eli Cohen 
Cc: James Morris 
Cc: Doug Ledford 
Cc:  # 4.13+
Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support")
Signed-off-by: Ondrej Mosnacek 
---
  security/selinux/ss/policydb.c | 28 +++-
  1 file changed, 15 insertions(+), 13 deletions(-)

Changes in v2:
  - add reproducer to commit message
  - update e-mail address of James Morris
  - better Cc also the old SELinux ML

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index f4eadd3f7350..2b310e8f2923 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -37,6 +37,7 @@
  #include 
  #include 
  #include 
+#include 
  #include "security.h"
  
  #include "policydb.h"

@@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct 
policydb_compat_info *info,
  {
int i, j, rc;
u32 nel, len;
-   __le32 buf[3];
+   __le32 buf[4];
struct ocontext *l, *c;
u32 nodebuf[8];
  
@@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,

break;
}
case OCON_IBPKEY:
-   rc = next_entry(nodebuf, fp, sizeof(u32) * 4);
+   rc = next_entry(buf, fp, sizeof(u32) * 4);
if (rc)
goto out;
  
-c->u.ibpkey.subnet_prefix = be64_to_cpu(*((__be64 *)nodebuf));

+   c->u.ibpkey.subnet_prefix = 
get_unaligned_be64(buf);
  
-if (nodebuf[2] > 0x ||

-   nodebuf[3] > 0x) {
+   if (le32_to_cpu(buf[2]) > 0x ||
+   le32_to_cpu(buf[3]) > 0x) {
rc = -EINVAL;
goto out;
}
  
-c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]);

-   c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]);
+   c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]);
+   c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]);


I'm wondering why the handling here is inconsistent with that of 
OCON_NODE/OCON_NODE6, which also deals with network byte order / big 
endian data.  Also it is inconsistent with the corresponding userspace 
code in libsepol for IBPKEY, which just does a memcpy() for copying 
between the subnet_prefix and the buffer.


Switching to buf entirely doesn't seem right since it is __le32 and the 
first part is actually __be64.


Maybe we ought to be splitting this into two next_entry() calls, one to 
fetch the be64 subnet prefix into an appropriately aligned and typed 
buffer and one to fetch the le32 low/high pkey values into buf?


We also need to fix the libsepol code 
(selinux/libsepol/src/policydb.c:ocontext_read_selinux) for the validity 
check at least.


  
  rc = context_read_and_validate(>context[0],

   p,
@@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct 
policydb_compat_info *info,
if (rc)
goto out;
  
-if (buf[1] > 0xff || buf[1] == 0) {

+   if (le32_to_cpu(buf[1]) > 0xff ||
+   le32_to_cpu(buf[1]) == 0) {
rc = -EINVAL;
goto out;
}
@@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct 
policydb_compat_info *info,
  {
unsigned int i, j, rc;
size_t nel, len;
-   __le32 buf[3];
+   __le32 buf[4];
u32 nodebuf[8];
struct ocontext *c;
for (i = 0; i < info->ocon_num; i++) {
@@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct 
policydb_compat_info *info,
return rc;
break;
case OCON_IBPKEY:
-   *((__be64 *)nodebuf) = 
cpu_to_be64(c->u.ibpkey.subnet_prefix);
+   put_unaligned_be64(c->u.ibpkey.subnet_prefix, 
buf);
  
-nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey);

-   nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey);
+   buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey);
+   buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey);
  
-rc = put_entry(nodebuf, sizeof(u32), 4, 

[PATCH 1/3] python/sepolicy: Fix "info" to search aliases as well

2018-10-16 Thread Vit Mojzis
Restore previous behaviour of "sepolicy.info()".
---
 python/sepolicy/sepolicy/__init__.py | 12 +---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/python/sepolicy/sepolicy/__init__.py 
b/python/sepolicy/sepolicy/__init__.py
index 5d0535b9..8484b28c 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -168,15 +168,21 @@ except ValueError as e:
 def info(setype, name=None):
 if setype == TYPE:
 q = setools.TypeQuery(_pol)
-if name:
-q.name = name
+q.name = name
+results = list(q.results())
+
+if name and len(results) < 1:
+#type not found, try alias
+q.name = None
+q.alias = name
+results = list(q.results())
 
 return ({
 'aliases': list(map(str, x.aliases())),
 'name': str(x),
 'permissive': bool(x.ispermissive),
 'attributes': list(map(str, x.attributes()))
-} for x in q.results())
+} for x in results)
 
 elif setype == ROLE:
 q = setools.RoleQuery(_pol)
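Review bot: `q.name = name` is now assigned unconditionally, so when `name` is None the query receives an explicit None where the old code left the attribute untouched; confirm that setools' TypeQuery treats None as "no filter" (the alias fallback a few lines later sets `q.name = None` with exactly that expectation). A docstring line stating the new contract would also help: when `name` matches an alias, the returned `'name'` is the canonical type, which is what `get_real_type_name()` in patch 2/3 relies on. Minor: `#type not found, try alias` wants a space after the `#` to match the file's comment style.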
-- 
2.17.1



[PATCH 3/3] python/semanage: Stop rejecting aliases in semanage commands

2018-10-16 Thread Vit Mojzis
Resolves: rhbz#1544793
---
 python/semanage/seobject.py | 21 ++---
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index c1467185..5d34cdbe 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -1081,7 +1081,7 @@ class portRecords(semanageRecords):
 if type == "":
 raise ValueError(_("Type is required"))
 
-if type not in self.valid_types:
+if sepolicy.get_real_type_name(type) not in self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a port type") % 
type)
 
 (k, proto_d, low, high) = self.__genkey(port, proto)
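Review bot: the resolved type is computed only to be tested against `self.valid_types` and then discarded, while `type` as the user typed it (possibly an alias) is what stays in scope for the rest of the method; bind it once, e.g. `real_type = sepolicy.get_real_type_name(type)`, use that in the check, and decide explicitly whether the record should carry the alias or the canonical name, since exported records will show whichever is stored. The same comment applies to every other `get_real_type_name(...) not in self.valid_types` hunk in this patch.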
@@ -1145,7 +1145,7 @@ class portRecords(semanageRecords):
 else:
 raise ValueError(_("Requires setype"))
 
-if setype and setype not in self.valid_types:
+if setype and sepolicy.get_real_type_name(setype) not in 
self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a port type") % 
setype)
 
 (k, proto_d, low, high) = self.__genkey(port, proto)
@@ -1349,7 +1349,7 @@ class ibpkeyRecords(semanageRecords):
 if type == "":
 raise ValueError(_("Type is required"))
 
-if type not in self.valid_types:
+if sepolicy.get_real_type_name(type) not in self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a ibpkey type") % 
type)
 
 (k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix)
@@ -1411,7 +1411,7 @@ class ibpkeyRecords(semanageRecords):
 else:
 raise ValueError(_("Requires setype"))
 
-if setype and setype not in self.valid_types:
+if setype and sepolicy.get_real_type_name(setype) not in 
self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a ibpkey type") % 
setype)
 
 (k, subnet_prefix, low, high) = self.__genkey(pkey, subnet_prefix)
@@ -1597,7 +1597,7 @@ class ibendportRecords(semanageRecords):
 if type == "":
 raise ValueError(_("Type is required"))
 
-if type not in self.valid_types:
+if sepolicy.get_real_type_name(type) not in self.valid_types:
 raise ValueError(_("Type %s is invalid, must be an ibendport 
type") % type)
 (k, ibendport, port) = self.__genkey(ibendport, ibdev_name)
 
@@ -1658,7 +1658,7 @@ class ibendportRecords(semanageRecords):
 else:
 raise ValueError(_("Requires setype"))
 
-if setype and setype not in self.valid_types:
+if setype and sepolicy.get_real_type_name(setype) not in 
self.valid_types:
 raise ValueError(_("Type %s is invalid, must be an ibendport 
type") % setype)
 
 (k, ibdev_name, port) = self.__genkey(ibendport, ibdev_name)
@@ -1847,7 +1847,7 @@ class nodeRecords(semanageRecords):
 if ctype == "":
 raise ValueError(_("SELinux node type is required"))
 
-if ctype not in self.valid_types:
+if sepolicy.get_real_type_name(ctype) not in self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a node type") % 
ctype)
 
 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
@@ -1916,7 +1916,7 @@ class nodeRecords(semanageRecords):
 if serange == "" and setype == "":
 raise ValueError(_("Requires setype or serange"))
 
-if setype and setype not in self.valid_types:
+if setype and sepolicy.get_real_type_name(setype) not in 
self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a node type") % 
setype)
 
 (rc, k) = semanage_node_key_create(self.sh, addr, mask, proto)
@@ -2235,7 +2235,6 @@ class fcontextRecords(semanageRecords):
 try:
 valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, 
"file_type"))[0]["types"])
 valid_types += list(list(sepolicy.info(sepolicy.ATTRIBUTE, 
"device_node"))[0]["types"])
-valid_types.append("<>")
 except RuntimeError:
 valid_types = []
 
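Review bot: dropping `"<>"` from `valid_types` means the sentinel now has to be special-cased at every validation site instead of once here, and the two sites changed below already spell it differently (`type != "<>" and ...` in `__add`, `setype not in ["",  "<>"]` in `__modify`); a small helper on fcontextRecords that handles the sentinel and the alias resolution in one place would keep them from diverging.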
@@ -2363,7 +2362,7 @@ class fcontextRecords(semanageRecords):
 if type == "":
 raise ValueError(_("SELinux Type is required"))
 
-if type not in self.valid_types:
+if type != "<>" and sepolicy.get_real_type_name(type) not in 
self.valid_types:
 raise ValueError(_("Type %s is invalid, must be a file or device 
type") % type)
 
 (rc, k) = semanage_fcontext_key_create(self.sh, target, 
file_types[ftype])
@@ -2426,7 +2425,7 @@ class fcontextRecords(semanageRecords):
 def __modify(self, target, setype, ftype, serange, seuser):
 if serange == "" and setype == "" and seuser == "":
 raise ValueError(_("Requires setype, serange or seuser"))
-if setype and setype not in self.valid_types:
+if setype not in ["",  "<>"] and 
sepolicy.get_real_type_name(setype) not in self.valid_types:
 raise 
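Review bot: `setype not in ["",  "<>"]` drops the truthiness guard that `setype and ...` provided, so a None `setype` now passes the membership test and is handed to `sepolicy.get_real_type_name(None)`; the `serange == "" and setype == ""` test two lines above suggests "" is the convention for "not given", but if any caller passes None the guard should stay, e.g. `setype and setype != "<>" and ...`. There is also a stray double space after the comma in the list literal.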

[PATCH 2/3] python/sepolicy: Stop rejecting aliases in sepolicy commands

2018-10-16 Thread Vit Mojzis
Fix CheckDomain and CheckPortType classes to properly deal with aliases.

Resolves: rhbz#169
---
 python/sepolicy/sepolicy.py  |  8 +++-
 python/sepolicy/sepolicy/__init__.py | 10 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
index a000c1ad..01380fbe 100755
--- a/python/sepolicy/sepolicy.py
+++ b/python/sepolicy/sepolicy.py
@@ -60,8 +60,6 @@ class CheckPath(argparse.Action):
 class CheckType(argparse.Action):
 
 def __call__(self, parser, namespace, values, option_string=None):
-domains = sepolicy.get_all_domains()
-
 if isinstance(values, str):
 setattr(namespace, self.dest, values)
 else:
@@ -103,7 +101,7 @@ class CheckDomain(argparse.Action):
 domains = sepolicy.get_all_domains()
 
 if isinstance(values, str):
-if values not in domains:
+if sepolicy.get_real_type_name(values) not in domains:
 raise ValueError("%s must be an SELinux process domain:\nValid 
domains: %s" % (values, ", ".join(domains)))
 setattr(namespace, self.dest, values)
 else:
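Review bot: the alias is accepted here but `setattr(namespace, self.dest, values)` still stores it as typed, so every consumer of the parsed argument receives the alias while validity was established for the canonical type; either store `sepolicy.get_real_type_name(values)` or document that downstream code must resolve it again (the `gen_short_name()` hunk later in this patch is one such consumer).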
@@ -112,7 +110,7 @@ class CheckDomain(argparse.Action):
 newval = []
 
 for v in values:
-if v not in domains:
+if sepolicy.get_real_type_name(v) not in domains:
 raise ValueError("%s must be an SELinux process 
domain:\nValid domains: %s" % (v, ", ".join(domains)))
 newval.append(v)
 setattr(namespace, self.dest, newval)
@@ -167,7 +165,7 @@ class CheckPortType(argparse.Action):
 if not newval:
 newval = []
 for v in values:
-if v not in port_types:
+if sepolicy.get_real_type_name(v) not in port_types:
 raise ValueError("%s must be an SELinux port type:\nValid port 
types: %s" % (v, ", ".join(port_types)))
 newval.append(v)
 setattr(namespace, self.dest, values)
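Review bot: the loop builds `newval` but the final line stores `values` (`setattr(namespace, self.dest, values)`), so `newval` is dead code; CheckDomain above stores `newval` at the equivalent point, and since this block is being touched anyway it is a good moment to make CheckPortType do the same.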
diff --git a/python/sepolicy/sepolicy/__init__.py 
b/python/sepolicy/sepolicy/__init__.py
index 8484b28c..0da3917b 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -447,6 +447,14 @@ def get_file_types(setype):
 return mpaths
 
 
+# determine if entered type is an alias
+# and return corresponding type name
+def get_real_type_name(name):
+try:
+return next(info(TYPE, name))["name"]
+except (RuntimeError, StopIteration):
+return None
+
 def get_writable_files(setype):
 file_types = get_all_file_types()
 all_writes = []
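Review bot: a docstring would serve better than the two-line `#` comment above `def get_real_type_name(name):`, and it should state the contract the callers in seobject.py depend on: the canonical type name for a type or alias, or None when the name is unknown or the policy cannot be queried (`RuntimeError`), so that `not in valid_types` rejects it. Only one blank line separates the new function from `def get_writable_files`, against the two used between the surrounding functions in this file. Each call also runs a full setools TypeQuery, so callers validating several names in a loop pay one policy query per name.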
@@ -1061,7 +1069,7 @@ def gen_short_name(setype):
 domainname = setype[:-2]
 else:
 domainname = setype
-if domainname + "_t" not in all_domains:
+if get_real_type_name(domainname + "_t") not in all_domains:
 raise ValueError("domain %s_t does not exist" % domainname)
 if domainname[-1] == 'd':
 short_name = domainname[:-1] + "_"
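Review bot: the existence check now resolves `domainname + "_t"` through `get_real_type_name()`, but `short_name` on the following lines is still derived from `domainname`, i.e. from the alias as typed; if an alias (say `foo_t`, a placeholder) resolves to a different canonical domain, the check passes for the canonical type while the generated short name is built from `foo`. Resolve first and strip `_t` from the canonical name, or state that the alias spelling is the intended basis for the short name.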
-- 
2.17.1



Fix alias handling in sepolicy and semanage

2018-10-16 Thread Vit Mojzis
Sepolicy and semanage do not work with aliases properly (aliases are 
mostly treated as invalid types). Fix this by determining corresponding
type when an alias is used and working with the type instead.

python/semanage/seobject.py  | 21 ++---
python/sepolicy/sepolicy.py  |  8 +++-
python/sepolicy/sepolicy/__init__.py | 22 ++
3 files changed, 31 insertions(+), 20 deletions(-)




[PATCH v2] selinux: fix byte order and alignment issues in policydb.c

2018-10-16 Thread Ondrej Mosnacek
Add missing LE conversions to the Infiniband-related range checks. These
were causing a failure to load any policy with an ibendportcon rule on
BE systems. This can be reproduced by running:

cat >my_module.cil <
Cc: Eli Cohen 
Cc: James Morris 
Cc: Doug Ledford 
Cc:  # 4.13+
Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support")
Signed-off-by: Ondrej Mosnacek 
---
 security/selinux/ss/policydb.c | 28 +++-
 1 file changed, 15 insertions(+), 13 deletions(-)

Changes in v2:
 - add reproducer to commit message
 - update e-mail address of James Morris
 - better Cc also the old SELinux ML

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index f4eadd3f7350..2b310e8f2923 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -37,6 +37,7 @@
 #include 
 #include 
 #include 
+#include 
 #include "security.h"
 
 #include "policydb.h"
@@ -2108,7 +2109,7 @@ static int ocontext_read(struct policydb *p, struct 
policydb_compat_info *info,
 {
int i, j, rc;
u32 nel, len;
-   __le32 buf[3];
+   __le32 buf[4];
struct ocontext *l, *c;
u32 nodebuf[8];
 
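Review bot: `buf` grows from 3 to 4 entries so that the OCON_IBPKEY case can read its 16-byte record into it, and the same size appears again as the literal `sizeof(u32) * 4` in the `next_entry()` call further down; using `sizeof(buf)` or a named constant for the read length would keep the declaration and the read from drifting apart, and a one-line comment on the declaration saying why 4 is the minimum would help the next reader.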
@@ -2218,20 +2219,20 @@ static int ocontext_read(struct policydb *p, struct 
policydb_compat_info *info,
break;
}
case OCON_IBPKEY:
-   rc = next_entry(nodebuf, fp, sizeof(u32) * 4);
+   rc = next_entry(buf, fp, sizeof(u32) * 4);
if (rc)
goto out;
 
-   c->u.ibpkey.subnet_prefix = 
be64_to_cpu(*((__be64 *)nodebuf));
+   c->u.ibpkey.subnet_prefix = 
get_unaligned_be64(buf);
 
-   if (nodebuf[2] > 0x ||
-   nodebuf[3] > 0x) {
+   if (le32_to_cpu(buf[2]) > 0x ||
+   le32_to_cpu(buf[3]) > 0x) {
rc = -EINVAL;
goto out;
}
 
-   c->u.ibpkey.low_pkey = le32_to_cpu(nodebuf[2]);
-   c->u.ibpkey.high_pkey = le32_to_cpu(nodebuf[3]);
+   c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]);
+   c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]);
 
rc = context_read_and_validate(>context[0],
   p,
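Review bot: `get_unaligned_be64(buf)` takes a `const void *`, so passing the `__le32` array silently drops the endianness annotation for the first two words and nothing, sparse included, will flag the mixed format later; a comment above `rc = next_entry(buf, fp, sizeof(u32) * 4);` stating that the record is a big-endian u64 subnet prefix followed by two little-endian u32 pkeys would document it. The comment should also record the open point from this thread that libsepol copies subnet_prefix with a plain memcpy(), so the two sides have not yet been confirmed to agree on the prefix's byte order.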
@@ -2249,7 +2250,8 @@ static int ocontext_read(struct policydb *p, struct 
policydb_compat_info *info,
if (rc)
goto out;
 
-   if (buf[1] > 0xff || buf[1] == 0) {
+   if (le32_to_cpu(buf[1]) > 0xff ||
+   le32_to_cpu(buf[1]) == 0) {
rc = -EINVAL;
goto out;
}
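Review bot: this `> 0xff || == 0` port-range check is the one the commit message's ibendportcon reproducer trips on a BE host, and `le32_to_cpu(buf[1])` is now evaluated twice in the same condition; reading it once into a local (`u32 port = le32_to_cpu(buf[1]);`) and testing `port > 0xff || port == 0` is shorter and avoids the second conversion.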
@@ -3105,7 +3107,7 @@ static int ocontext_write(struct policydb *p, struct 
policydb_compat_info *info,
 {
unsigned int i, j, rc;
size_t nel, len;
-   __le32 buf[3];
+   __le32 buf[4];
u32 nodebuf[8];
struct ocontext *c;
for (i = 0; i < info->ocon_num; i++) {
@@ -3192,12 +3194,12 @@ static int ocontext_write(struct policydb *p, struct 
policydb_compat_info *info,
return rc;
break;
case OCON_IBPKEY:
-   *((__be64 *)nodebuf) = 
cpu_to_be64(c->u.ibpkey.subnet_prefix);
+   put_unaligned_be64(c->u.ibpkey.subnet_prefix, 
buf);
 
-   nodebuf[2] = cpu_to_le32(c->u.ibpkey.low_pkey);
-   nodebuf[3] = cpu_to_le32(c->u.ibpkey.high_pkey);
+   buf[2] = cpu_to_le32(c->u.ibpkey.low_pkey);
+   buf[3] = cpu_to_le32(c->u.ibpkey.high_pkey);
 
-   rc = put_entry(nodebuf, sizeof(u32), 4, fp);
+   rc = put_entry(buf, sizeof(u32), 4, fp);
if (rc)
return rc;
rc = context_write(p, >context[0], fp);
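Review bot: the write side now mirrors the read side, but nothing in the series exercises a round trip; given the libsepol memcpy() mismatch raised in this thread, loading the reproducer policy on a BE host and reading the kernel's copy back from /sys/fs/selinux/policy would confirm that `put_unaligned_be64()` here and `get_unaligned_be64()` in ocontext_read() agree on the prefix bytes before this goes to stable (the message carries a stable Cc for 4.13+).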
-- 
2.17.2
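The byte-order failure described in the commit message, modelled in userspace as an added example (not code from the patch or the kernel): `parse_ibpkey()` reads the 16-byte OCON_IBPKEY record with byte-wise accessors standing in for `get_unaligned_be64()` and `le32_to_cpu()`, and a `fixed` flag selects the old or the patched range check so both can be run against a simulated little- and big-endian host. The record layout (big-endian u64 prefix, little-endian u32 pkeys) and the sample bytes are assumptions taken from the patch, not data from the page.

```c
/* Added example, not part of the patch: userspace model of the OCON_IBPKEY
 * record read in ocontext_read(). It shows why comparing the raw words
 * without le32_to_cpu() passes on a little-endian host but rejects a valid
 * record on a big-endian one. Layout assumed from the patch: 8-byte
 * big-endian subnet prefix, then little-endian u32 low_pkey and high_pkey. */
#include <stdint.h>
#include <stdio.h>

struct ibpkey {
	uint64_t subnet_prefix;
	uint32_t low_pkey, high_pkey;
};

/* Constructed 16-byte sample: prefix 0xfe80000000000000, pkeys 0x8001..0xffff */
const uint8_t sample_rec[16] = {
	0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* subnet_prefix, BE */
	0x01, 0x80, 0x00, 0x00,                         /* low_pkey, LE */
	0xff, 0xff, 0x00, 0x00,                         /* high_pkey, LE */
};

/* Byte-wise stand-ins for get_unaligned_be64() and le32_to_cpu(): neither
 * depends on host byte order or on the buffer's alignment. */
static uint64_t rd_be64(const uint8_t *p)
{
	uint64_t v = 0;
	for (int i = 0; i < 8; i++) v = (v << 8) | p[i];
	return v;
}

static uint32_t rd_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The pre-patch code loaded each word in host order and compared it as-is;
 * the host is a parameter here so one binary can show both outcomes. */
static uint32_t rd_host32(const uint8_t *p, int host_big_endian)
{
	if (!host_big_endian)
		return rd_le32(p);
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
	       (uint32_t)p[2] << 8 | (uint32_t)p[3];
}

/* Returns 0 and fills *out, or -1 where the kernel returns -EINVAL.
 * fixed == 0 reproduces the old range check, fixed == 1 the patched one. */
int parse_ibpkey(const uint8_t *rec, int fixed, int host_big_endian,
		 struct ibpkey *out)
{
	uint32_t low, high;
	if (fixed) {
		low = rd_le32(rec + 8);
		high = rd_le32(rec + 12);
	} else {
		low = rd_host32(rec + 8, host_big_endian);
		high = rd_host32(rec + 12, host_big_endian);
	}
	/* pkeys are 16-bit values; anything larger means a corrupt record */
	if (low > 0xffff || high > 0xffff)
		return -1;
	out->subnet_prefix = rd_be64(rec);
	out->low_pkey = low;
	out->high_pkey = high;
	return 0;
}

int main(void)
{
	struct ibpkey r;
	for (int be = 0; be < 2; be++)
		for (int fixed = 0; fixed < 2; fixed++)
			printf("%s host, %s check: %s\n", be ? "BE" : "LE", fixed ? "patched" : "old",
			       parse_ibpkey(sample_rec, fixed, be, &r) ? "EINVAL" : "ok");
	return 0;
}
```

Only the "BE host, old check" combination reports EINVAL, matching the load failure the commit message describes on ppc64.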
