Return-Path: <SRS0=TLvV=SK=vger.kernel.org=selinux-refpolicy-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.0 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6995CC10F13
	for <selinux-refpolicy@archiver.kernel.org>; Mon,  8 Apr 2019 13:33:48 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 28276214C6
	for <selinux-refpolicy@archiver.kernel.org>; Mon,  8 Apr 2019 13:33:48 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=tresys.onmicrosoft.com header.i=@tresys.onmicrosoft.com header.b="isS/gaIv"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726512AbfDHNds (ORCPT
        <rfc822;selinux-refpolicy@archiver.kernel.org>);
        Mon, 8 Apr 2019 09:33:48 -0400
Received: from mail-eopbgr810133.outbound.protection.outlook.com ([40.107.81.133]:23346
        "EHLO NAM01-BY2-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726415AbfDHNdr (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Mon, 8 Apr 2019 09:33:47 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=tresys.onmicrosoft.com; s=selector1-tresys-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=FdaOZxw/1kR3jQ74EQrXwYrtAX/HGks7han+Ws3MNt0=;
 b=isS/gaIveclb+S7vf0MpLhLMVXEcDiUZKcGu1Lo8ZhK4u655fBTO07hwXulawwWaEH92RCQl2jevFbXdt4U2JjJXMFqzHdR6n5Ul+Xl8V4djJFUUlfnl99MY1LSsSQGhRFDDDnHTDHdkP59t+EsaVRiMLIJijizyFdmn47m5tAA=
Received: from BN6PR15MB1507.namprd15.prod.outlook.com (10.172.151.147) by
 BN6PR15MB1459.namprd15.prod.outlook.com (10.172.150.145) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1771.19; Mon, 8 Apr 2019 13:33:42 +0000
Received: from BN6PR15MB1507.namprd15.prod.outlook.com
 ([fe80::fdb0:ce55:b42a:f4b9]) by BN6PR15MB1507.namprd15.prod.outlook.com
 ([fe80::fdb0:ce55:b42a:f4b9%5]) with mapi id 15.20.1771.016; Mon, 8 Apr 2019
 13:33:42 +0000
From:   "Sugar, David" <dsugar@tresys.com>
To:     Chris PeBenito <pebenito@ieee.org>,
        "selinux-refpolicy@vger.kernel.org" 
        <selinux-refpolicy@vger.kernel.org>
Subject: Re: [PATCH] Resolve some denials related to sending journal messages
Thread-Topic: [PATCH] Resolve some denials related to sending journal messages
Thread-Index: AQHU6uIDVaxkQpME0U+r/Fn9yyk1ZqYxdQMAgADUkoA=
Date:   Mon, 8 Apr 2019 13:33:42 +0000
Message-ID: <5898f8be-d46d-1bbd-de56-d59316c1ee16@tresys.com>
References: <20190404122900.8945-1-dsugar@tresys.com>
 <20190404122900.8945-2-dsugar@tresys.com>
 <48f4a705-36e6-aca7-15e4-1c100785aaf8@ieee.org>
In-Reply-To: <48f4a705-36e6-aca7-15e4-1c100785aaf8@ieee.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [96.244.17.66]
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.6.1
x-clientproxiedby: BN6PR03CA0024.namprd03.prod.outlook.com
 (2603:10b6:404:23::34) To BN6PR15MB1507.namprd15.prod.outlook.com
 (2603:10b6:404:c6::19)
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=dsugar@tresys.com; 
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: cb352a3d-ea9b-426e-8183-08d6bc26d0d3
x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(5600139)(711020)(4605104)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(2017052603328)(7193020);SRVR:BN6PR15MB1459;
x-ms-traffictypediagnostic: BN6PR15MB1459:
x-microsoft-antispam-prvs: <BN6PR15MB14590565F527B5D31C08BDD4B92C0@BN6PR15MB1459.namprd15.prod.outlook.com>
x-forefront-prvs: 0001227049
x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(396003)(366004)(376002)(346002)(39830400003)(136003)(199004)(189003)(31686004)(186003)(71190400001)(110136005)(6246003)(53936002)(2616005)(11346002)(2501003)(6512007)(71200400001)(446003)(6436002)(65826007)(31696002)(26005)(476003)(102836004)(7736002)(8936002)(81156014)(81166006)(86362001)(6486002)(3846002)(5660300002)(97736004)(68736007)(6116002)(229853002)(305945005)(6506007)(53546011)(76176011)(8676002)(386003)(99286004)(106356001)(486006)(66066001)(105586002)(25786009)(36756003)(64126003)(58126008)(65956001)(52116002)(316002)(256004)(14444005)(14454004)(508600001)(2906002)(65806001);DIR:OUT;SFP:1102;SCL:1;SRVR:BN6PR15MB1459;H:BN6PR15MB1507.namprd15.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1;
received-spf: None (protection.outlook.com: tresys.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: mM4f9jFmn/v4H9aUK3Bm9yjAJTkFUD+q6nOWaIpN0J/01rBNYUP88GpYmNtPr9lYJX7OFoigqzXfY6nrT1J0ae7b4qI3vy8O/0cj/WD+7cqPl6GRqwukM8gy0SQAxTUAYVsei13GcaSAQT279qtIv+0NUYnZOVWJXwIq0DQCSBg8oC9dVrFdrnYoG1uEJydScapbjhTF7nxqFcC2SSuLa5fcnzmU/dj1ucAbh1DseQRDMkzMrrmmfbzAX36Dw1TTymj+bdrwPBKGrgJFMRoFup5oC4ak137RwbHKrAyjMGJ4FI6tyzLQp2ggRAxrV7/HFPylQ9e25RNruGDWkQHRO9ZZ9fK6AVlJ7Xz5wTy9xrXbDhAgzCf+xp6tc2vdZ3DEAP3wbH4NfRpgXvmU/huZ/BQ3Twtd2AOP4P69vHJ3JBI=
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <6BC874710D7D524489D37BE1F6E46E0B@namprd15.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: tresys.com
X-MS-Exchange-CrossTenant-Network-Message-Id: cb352a3d-ea9b-426e-8183-08d6bc26d0d3
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2019 13:33:42.4120
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: a0d45667-6c07-4e88-868f-4ac9af95c7ed
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR15MB1459
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org


On 4/7/19 8:52 PM, Chris PeBenito wrote:
> On 4/4/19 8:29 AM, Sugar, David wrote:
>> type=3DAVC msg=3Daudit(1554324562.840:159): avc:=A0 denied=A0 { sendto }=
 for=A0=20
>> pid=3D7277 comm=3D"systemd-backlig" path=3D"/run/systemd/journal/socket"=
=20
>> scontext=3Dsystem_u:system_r:systemd_backlight_t:s0=20
>> tcontext=3Dsystem_u:system_r:kernel_t:s0 tclass=3Dunix_dgram_socket=20
>> permissive=3D1
>> type=3DAVC msg=3Daudit(1554324271.863:245): avc:=A0 denied=A0 { sendto }=
 for=A0=20
>> pid=3D7421 comm=3D"systemd-user-se" path=3D"/run/systemd/journal/socket"=
=20
>> scontext=3Dsystem_u:system_r:systemd_sessions_t:s0=20
>> tcontext=3Dsystem_u:system_r:kernel_t:s0 tclass=3Dunix_dgram_socket=20
>> permissive=3D0
>> type=3DAVC msg=3Daudit(1554324635.844:313): avc:=A0 denied=A0 { sendto }=
 for=A0=20
>> pid=3D7744 comm=3D"systemd-cryptse" path=3D"/run/systemd/journal/socket"=
=20
>> scontext=3Dsystem_u:system_r:lvm_t:s0=20
>> tcontext=3Dsystem_u:system_r:kernel_t:s0 tclass=3Dunix_dgram_socket=20
>> permissive=3D1
>
> I think we've reached the limit of the explicit kernel_dgram_send()=20
> and it's time to reevaluate putting this in logging_send_syslog_msg().
>
That makes sense.=A0 I will submit a patch after I test a bit.=A0 But it=20
looks like everywhere (except the systemd module) that uses=20
kernel_dgram_send() already has logging_send_syslog_msg() so once=20
kernel_dgram_send() is added to logging_send_syslog_msg(),=20
kernel_dgram_send() can removed from those domains.

The exceptions are:

1) In the systemd module there isn't much use of=20
logging_send_syslog_msg().=A0 For this case I will add=20
logging_send_syslog_msg() as required.

2) In the interface init_daemon_domain(), it uses kernel_dgram_send()=20
directly, there it probably doesn't need to use=20
logging_send_syslog_msg(). This may be able to go away as modules might=20
already use logging now, I will try removing and see what breaks.

>
>> Signed-off-by: Dave Sugar <dsugar@tresys.com>
>> ---
>> =A0 policy/modules/system/lvm.te=A0=A0=A0=A0 | 1 +
>> =A0 policy/modules/system/systemd.te | 4 ++++
>> =A0 2 files changed, 5 insertions(+)
>>
>> diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
>> index ec3b4a18..aea199d4 100644
>> --- a/policy/modules/system/lvm.te
>> +++ b/policy/modules/system/lvm.te
>> @@ -222,6 +222,7 @@ filetrans_pattern(lvm_t, lvm_etc_t,=20
>> lvm_metadata_t, file)
>> =A0 files_etc_filetrans(lvm_t, lvm_metadata_t, file)
>> =A0 files_search_mnt(lvm_t)
>> =A0 +kernel_dgram_send(lvm_t)
>> =A0 kernel_request_load_module(lvm_t)
>> =A0 kernel_get_sysvipc_info(lvm_t)
>> =A0 kernel_read_system_state(lvm_t)
>> diff --git a/policy/modules/system/systemd.te=20
>> b/policy/modules/system/systemd.te
>> index f6455f6f..541117a9 100644
>> --- a/policy/modules/system/systemd.te
>> +++ b/policy/modules/system/systemd.te
>> @@ -228,6 +228,8 @@ dev_rw_sysfs(systemd_backlight_t)
>> =A0 # for udev.conf
>> =A0 files_read_etc_files(systemd_backlight_t)
>> =A0 +kernel_dgram_send(systemd_backlight_t)
>> +
>> =A0 # for /run/udev/data/+backlight*
>> =A0 udev_read_pid_files(systemd_backlight_t)
>> =A0 @@ -981,6 +983,8 @@ allow systemd_sessions_t self:process setfscreat=
e;
>> =A0 allow systemd_sessions_t systemd_sessions_var_run_t:file=20
>> manage_file_perms;
>> =A0 files_pid_filetrans(systemd_sessions_t, systemd_sessions_var_run_t,=
=20
>> file)
>> =A0 +kernel_dgram_send(systemd_sessions_t)
>> +
>> =A0 selinux_get_enforce_mode(systemd_sessions_t)
>> =A0 selinux_get_fs_mount(systemd_sessions_t)
>>
>
>