Hi,
Before SELinux is initialized, get scontext by secid by using:
security_secctx_to_secid() may return the wrong number
e.g.:
security_secctx_to_secid("devnull", strlen("devnull"), &sid);
sid here will be 1
because:
in security_context_to_sid_core:
    ...
    if (!ss_initialized) {
        int i;

        for (i = 1; i < SECINITSID_NUM; i++) {
            if (!strcmp(initial_sid_to_string[i],
                        scontext)) {
                *sid = i;
                return 0;
            }
        }
        *sid = SECINITSID_KERNEL;
        return 0;
    }
    ...
and SECINITSID_DEVNULL equals SECINITSID_NUM, and it will never get
the right secid for "devnull".
Is this by design or a bug?
BR.
Ning.
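
Added example, not part of the original message and not kernel code: a user-space model of the quoted pre-initialization lookup, showing that an exclusive bound skips the last table entry and falls back to the kernel SID while still returning 0. The `DEMO_*` names, the shortened table, and the inclusive-bound variant are assumptions for illustration only.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, shortened model of the initial SID table. Values are
 * renumbered for the demo; only the relationship DEVNULL == NUM is taken
 * from the message above. */
enum { DEMO_SID_KERNEL = 1, DEMO_SID_SECURITY = 2, DEMO_SID_UNLABELED = 3,
       DEMO_SID_DEVNULL = 4, DEMO_SID_NUM = 4 };

static const char *demo_sid_to_string[DEMO_SID_NUM + 1] = {
    "null", "kernel", "security", "unlabeled", "devnull",
};

/* Shared loop; 'last' is the highest index the scan is allowed to reach. */
static int demo_lookup(const char *scontext, unsigned int *sid, int last)
{
    int i;

    for (i = 1; i <= last; i++) {
        if (!strcmp(demo_sid_to_string[i], scontext)) {
            *sid = (unsigned int)i;
            return 0;
        }
    }
    *sid = DEMO_SID_KERNEL; /* silent fallback: caller still sees success */
    return 0;
}

/* Same bound as the quoted code: i < NUM, so index NUM is never compared. */
static int lookup_exclusive(const char *scontext, unsigned int *sid)
{
    return demo_lookup(scontext, sid, DEMO_SID_NUM - 1);
}

/* Hypothetical variant with an inclusive bound (i <= NUM), for comparison. */
static int lookup_inclusive(const char *scontext, unsigned int *sid)
{
    return demo_lookup(scontext, sid, DEMO_SID_NUM);
}

int main(void)
{
    unsigned int a = 0, b = 0;

    lookup_exclusive("devnull", &a);
    lookup_inclusive("devnull", &b);
    printf("exclusive bound: %u, inclusive bound: %u\n", a, b);
    return 0;
}
```

Because both paths return 0, a caller cannot tell a real match from the fallback without comparing the returned SID against the value it expected.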
Hi, Bill
For the SELinux behavior below, do you know why?
BR.
Ning.
On Wed, 2018-02-28 at 14:47 +0800, Zhang Ning wrote:
> Hi,
>
> Before SELinux is initialized, get scontext by secid by using:
>
> security_secctx_to_secid() may return the wrong number
>
> e.g.:
> security_secctx_to_secid("devnull", strlen("devnull"), &sid);
>
> sid here will be 1
>
> because:
>
> in security_context_to_sid_core:
>
>     ...
>     if (!ss_initialized) {
>         int i;
>
>         for (i = 1; i < SECINITSID_NUM; i++) {
>             if (!strcmp(initial_sid_to_string[i],
>                         scontext)) {
>                 *sid = i;
>                 return 0;
>             }
>         }
>         *sid = SECINITSID_KERNEL;
>         return 0;
>     }
>     ...
>
> and SECINITSID_DEVNULL equals SECINITSID_NUM, and it will never get
> the right secid for "devnull".
>
> Is this by design or a bug?
>
> BR.
> Ning.