Re: maybe a bug in SELinux: security_context_to_sid_core

From: Zhang, Ning A
Date: Thu Mar 08 2018 - 21:08:06 EST

Next message: Brendan Higgins: "Re: [PATCH 1/2] ARM: npcm: add CONFIG_ARCH_MULTI_V7 dependency"
Previous message: Peng Li: "[PATCH net-next 4/9] net: hns3: fix for pause configuration lost during reset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, Bill

For below SELinux behavior, do you know why.

BR.
Ning.

å 2018-02-28äç 14:47 +0800ïZhang Ningåéï
> Hi,
>
> Before SELinux is initialized, get scontext by secid by using:
>
> security_secctx_to_secid() may return wrong numbe
>
> eg:
> security_secctx_to_secid("devnull", strlen("devnull"), &sid);
>
> sid here will be 1
>
> because:
>
> in security_context_to_sid_core:
>
> ...
> if (!ss_initialized) {
> int i;
>
> for (i = 1; i < SECINITSID_NUM; i++) {
> if (!strcmp(initial_sid_to_string[i],
> scontext)) {
> *sid = i;
> return 0;
> }
> }
> *sid = SECINITSID_KERNEL;
> return 0;
> }
> ...
>
> and SECINITSID_DEVNULL equals to SECINITSID_NUM, and it will never get
> right secid for "devnull".
>
> is this by design or bug?
>
> BR.
> Ning.

Next message: Brendan Higgins: "Re: [PATCH 1/2] ARM: npcm: add CONFIG_ARCH_MULTI_V7 dependency"
Previous message: Peng Li: "[PATCH net-next 4/9] net: hns3: fix for pause configuration lost during reset"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]