Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp2624060pxa; Mon, 17 Aug 2020 14:42:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxi59qs43GXN1hSbvKepStdxyFA0TnKLxZX/lsLzZZFHv8PeCvOh76FCXW/a1nXzCaRjl7U X-Received: by 2002:a17:906:5f8a:: with SMTP id a10mr17585420eju.379.1597700569299; Mon, 17 Aug 2020 14:42:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597700569; cv=none; d=google.com; s=arc-20160816; b=GT89CgqRA+cZvMMQ72IH6rdyKqErZM739yNIMaNZwoG5r7ecOMqRJmKifn6Eb9FZao gEB4KGUiJg32E0Vh3Ge1IR2MiUVMZ6n9JKH4YYlCXo0WxhP5IwdzLUEDInx4JSMLZnnM OxL/9E+A3TT9sHxwYW3FVNT9+p1ke0eHT0KJq06eeu3gia2HjRs1joFG2tNSoxMNrTsg eQUpdYN65grfZFQWwM9UbPbuP7GAr9iIJjxAWQIsdRajgTo+WKvgIzYxSjCvaIipVuh1 6PdUNbvy0Tta2jifGQUlA0WgX3iFGfuUnNtxoNT2zYrGbA1HfjpO0IT7+JF5w/knMIko zyIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ORoHSxtiTq4YzQH57BZ8OapQ17e4/l2R6rtT3whnUIE=; b=prm4eYkR8/kX5BrLAkzF46SR6AJ+EsXfNjpOMEpltgIkXCYyWdJlX0uyEoXJ9P9xVc CzOv69nL+L4VyJMPf/N1jXxWanKReNdrsMZgTq33NEf4y6ObLyutnHsn29fS1DDowdPS BYnx8PuCyCSrD3ofjc4W2aRc6vuKjoVWd6E6MFIJKJ20QOCqIbv+HkSzsxbZEgitadLE syWllsR4ehriI/0IWDIRP4TNE5p2KUKSrFjAjUxfxzXWFuQ2QofKWPsMy3rDvYcWNrnh +kkjPiXMBUHDobTCqdq//kYooPrH66RWTL4rsGS+Uw+ks/2U43tTrWnCJjLJykVvTVvB X6ww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yBf8Ij2m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x20si11687067eju.35.2020.08.17.14.42.25; Mon, 17 Aug 2020 14:42:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=yBf8Ij2m; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729541AbgHQPX0 (ORCPT + 99 others); Mon, 17 Aug 2020 11:23:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:46042 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729379AbgHQPWT (ORCPT ); Mon, 17 Aug 2020 11:22:19 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 67F6720709; Mon, 17 Aug 2020 15:22:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597677739; bh=i8CA6/j1VbHk5HL5gl8INswoxQFjy/h3zO5JJS8sS7M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=yBf8Ij2mDDZJZlt1SvOdAp53Ie0019JkJQcVgPH+b1zFoUPWr4//v8L5qL2MookaS 0dBT7etaUPQfh1QFHC1xXdWqrpw4Ndlm7jA5R+H0DZUkXHAPG2C0+V6Zzw1OeMXUVJ eZoTJcka7bb/fLv1wCbVc1MXA+jVF7jSg4xhIiA4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Stephen Smalley , Paul Moore , Sasha Levin Subject: [PATCH 5.8 059/464] scripts/selinux/mdp: fix initial SID handling Date: Mon, 17 Aug 2020 17:10:12 +0200 Message-Id: <20200817143836.591463966@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200817143833.737102804@linuxfoundation.org> References: <20200817143833.737102804@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Stephen Smalley [ Upstream commit 382c2b5d23b4245f1818f69286db334355488dc4 ] commit e3e0b582c321 ("selinux: remove unused initial SIDs and improve handling") broke scripts/selinux/mdp since the unused initial SID names were removed and the corresponding generation of policy initial SID definitions by mdp was not updated accordingly. Fix it. With latest upstream checkpolicy it is no longer necessary to include the SID context definitions for the unused initial SIDs but retain them for compatibility with older checkpolicy. Fixes: e3e0b582c321 ("selinux: remove unused initial SIDs and improve handling") Signed-off-by: Stephen Smalley Signed-off-by: Paul Moore Signed-off-by: Sasha Levin --- scripts/selinux/mdp/mdp.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/scripts/selinux/mdp/mdp.c b/scripts/selinux/mdp/mdp.c index 576d11a60417b..6ceb88eb9b590 100644 --- a/scripts/selinux/mdp/mdp.c +++ b/scripts/selinux/mdp/mdp.c @@ -67,8 +67,14 @@ int main(int argc, char *argv[]) initial_sid_to_string_len = sizeof(initial_sid_to_string) / sizeof (char *); /* print out the sids */ - for (i = 1; i < initial_sid_to_string_len; i++) - fprintf(fout, "sid %s\n", initial_sid_to_string[i]); + for (i = 1; i < initial_sid_to_string_len; i++) { + const char *name = initial_sid_to_string[i]; + + if (name) + fprintf(fout, "sid %s\n", name); + else + fprintf(fout, "sid unused%d\n", i); + } fprintf(fout, "\n"); /* print out the class permissions */ @@ -126,9 +132,16 @@ int main(int argc, char *argv[]) #define OBJUSERROLETYPE "user_u:object_r:base_t" /* default sids */ - for (i = 1; i < initial_sid_to_string_len; i++) - fprintf(fout, "sid %s " SUBJUSERROLETYPE "%s\n", - initial_sid_to_string[i], mls ? ":" SYSTEMLOW : ""); + for (i = 1; i < initial_sid_to_string_len; i++) { + const char *name = initial_sid_to_string[i]; + + if (name) + fprintf(fout, "sid %s ", name); + else + fprintf(fout, "sid unused%d\n", i); + fprintf(fout, SUBJUSERROLETYPE "%s\n", + mls ? ":" SYSTEMLOW : ""); + } fprintf(fout, "\n"); #define FS_USE(behavior, fstype) \ -- 2.25.1