Commit 7383c0f9 authored by Stephen Smalley's avatar Stephen Smalley Committed by Paul Moore

selinux: log error messages on required process class / permissions

In general SELinux no longer treats undefined object classes or permissions
in the policy as a fatal error, instead handling them in accordance with
handle_unknown. However, the process class and process transition and
dyntransition permissions are still required to be defined due to
dependencies on these definitions for default labeling behaviors,
role and range transitions in older policy versions that lack an explicit
class field, and role allow checking.  Log error messages in these cases
since otherwise the policy load will fail silently with no indication
to the user as to the underlying cause.  While here, fix the checking for
process transition / dyntransition so that omitting either permission is
handled as an error; both are needed in order to ensure that role allow
checking is consistently applied.
Reported-by: default avatarbauen1 <j2468h@googlemail.com>
Signed-off-by: default avatarStephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 382c2b5d
...@@ -2376,7 +2376,7 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -2376,7 +2376,7 @@ int policydb_read(struct policydb *p, void *fp)
struct role_trans_datum *rtd = NULL; struct role_trans_datum *rtd = NULL;
int i, j, rc; int i, j, rc;
__le32 buf[4]; __le32 buf[4];
u32 len, nprim, nel; u32 len, nprim, nel, perm;
char *policydb_str; char *policydb_str;
struct policydb_compat_info *info; struct policydb_compat_info *info;
...@@ -2519,8 +2519,10 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -2519,8 +2519,10 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL; rc = -EINVAL;
p->process_class = string_to_security_class(p, "process"); p->process_class = string_to_security_class(p, "process");
if (!p->process_class) if (!p->process_class) {
pr_err("SELinux: process class is required, not defined in policy\n");
goto bad; goto bad;
}
rc = avtab_read(&p->te_avtab, fp, p); rc = avtab_read(&p->te_avtab, fp, p);
if (rc) if (rc)
...@@ -2618,10 +2620,18 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -2618,10 +2620,18 @@ int policydb_read(struct policydb *p, void *fp)
goto bad; goto bad;
rc = -EINVAL; rc = -EINVAL;
p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition"); perm = string_to_av_perm(p, p->process_class, "transition");
p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition"); if (!perm) {
if (!p->process_trans_perms) pr_err("SELinux: process transition permission is required, not defined in policy\n");
goto bad;
}
p->process_trans_perms = perm;
perm = string_to_av_perm(p, p->process_class, "dyntransition");
if (!perm) {
pr_err("SELinux: process dyntransition permission is required, not defined in policy\n");
goto bad; goto bad;
}
p->process_trans_perms |= perm;
rc = ocontext_read(p, info, fp); rc = ocontext_read(p, info, fp);
if (rc) if (rc)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment