
Re: Adding a booleans.subs file to selinux policy.



On Fri, Mar 30, 2012 at 11:58 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Basically I am sick of some of the bad names we chose for booleans when we
> were first writing policy, so I want a mechanism to allow us to change the
> names but still support the old names.
>
> This patch will allow policy developers to ship a
> /etc/selinux/targeted/contexts/booleans.subs
>
> Then libselinux will check if a boolean name exists, if not it will see if
> there is a substitute name and attempt to use that.
>
> I have attached the libselinux_bools-subs.patch and the first pass at what a
> booleans.subs file will look like in Fedora 18.
+static int bool_open(const char *name, int flag) {
    ...
+
+	len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR);
Calling strlen() on NULL is not valid C, IIRC.

+	snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
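Review bot: The snprintf() call in bool_open discards its return value, so a path that did not fit in len bytes would be used as if it were complete; keep the result and fail when it is negative or not smaller than len. The quoted lines also show no check on name or selinux_mnt before the strlen() calls, and name is appended as the last path component as-is, so unless the elided part already does it, return an error for a NULL or empty value and for a name containing '/'. Note that sizeof(SELINUX_BOOL_DIR) only accounts for the terminating NUL if that macro expands to a string literal or array, not a pointer.
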
Silent truncation?

Should work under benign conditions. Will probably fail in a hostile
environment.

Jeff
