From: James Carter <jwcart2@tycho.nsa.gov>
To: selinux@tycho.nsa.gov
Subject: [PATCH 10/10 v2] secilc: Add a CIL policy file to test bounds checking.
Date: Wed, 17 Jun 2015 15:58:54 -0400
Message-ID: <1434571134-31452-11-git-send-email-jwcart2@tycho.nsa.gov>
In-Reply-To: <1434571134-31452-1-git-send-email-jwcart2@tycho.nsa.gov>

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
 secilc/test/bounds.cil | 241 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 241 insertions(+)
 create mode 100644 secilc/test/bounds.cil

diff --git a/secilc/test/bounds.cil b/secilc/test/bounds.cil
new file mode 100644
index 0000000..e72560e
--- /dev/null
+++ b/secilc/test/bounds.cil
@@ -0,0 +1,241 @@
+(class CLASS (PERM))
+(classorder (CLASS))
+(sid SID)
+(sidorder (SID))
+(user USER)
+(role ROLE)
+(type TYPE)
+(category CAT)
+(categoryorder (CAT))
+(sensitivity SENS)
+(sensitivityorder (SENS))
+(sensitivitycategory SENS (CAT))
+(allow TYPE self (CLASS (PERM)))
+(roletype ROLE TYPE)
+(userrole USER ROLE)
+(userlevel USER (SENS))
+(userrange USER ((SENS)(SENS (CAT))))
+(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
+
+(class c1 (p1a p1b p1c))
+(class c2 (p2a p2b p2c))
+(class c3 (p3a p3b p3c))
+
+(classorder (CLASS c1 c2 c3))
+
+(classpermission cp1)
+(classpermissionset cp1 (c1 (p1a p1b)))
+(classpermissionset cp1 (c2 (p2a)))
+
+(classmap cm1 (mp1))
+(classmapping cm1 mp1
+	      (c1 (p1a)))
+
+(boolean b_b1 false)
+(boolean b_b2 false)
+(boolean b_b3 false)
+
+
+(type b_ta)
+(type b_tb)
+(type b_tc)
+(type b_td)
+
+
+;; All of these rules should pass the bounds check
+(type b_t1)
+(type b_t1_c)
+(typebounds b_t1 b_t1_c)
+
+(allow b_t1 self (CLASS (PERM)))
+(allow b_t1_c self (CLASS (PERM)))
+(allow b_t1 b_ta (CLASS (PERM)))
+(allow b_t1_c b_ta (CLASS (PERM)))
+(allow b_ta b_t1 (CLASS (PERM)))
+(allow b_ta b_t1_c (CLASS (PERM)))
+
+(booleanif b_b1
+  (false
+    (allow b_t1 b_tb (CLASS (PERM)))
+    (allow b_t1_c b_tb (CLASS (PERM)))
+    (allow b_tb b_t1 (CLASS (PERM)))
+    (allow b_tb b_t1_c (CLASS (PERM)))))
+
+(allow b_t1 b_tc (CLASS (PERM)))
+(allow b_tc b_t1 (CLASS (PERM)))
+(booleanif b_b2
+  (false
+    (allow b_t1_c b_tc (CLASS (PERM)))
+    (allow b_tc b_t1_c (CLASS (PERM)))))
+
+(allow b_t1_c b_td (CLASS (PERM)))
+(allow b_td b_t1_c (CLASS (PERM)))
+(booleanif b_b3
+  (true
+    (allow b_t1 b_td (CLASS (PERM)))
+    (allow b_td b_t1 (CLASS (PERM))))
+  (false
+    (allow b_t1 b_td (CLASS (PERM)))
+    (allow b_td b_t1 (CLASS (PERM)))))
+
+
+;; All of these rules should pass the bounds check
+(type b_t2)
+(type b_t2_c)
+(typebounds b_t2 b_t2_c)
+(typeattribute b_a2)
+(typeattribute b_a2_c)
+(typeattributeset b_a2 b_t2)
+(typeattributeset b_a2_c b_t2_c)
+
+(allow b_a2 self (CLASS (PERM)))
+(allow b_a2_c self (CLASS (PERM)))
+(allow b_a2 b_ta (CLASS (PERM)))
+(allow b_a2_c b_ta (CLASS (PERM)))
+(allow b_ta b_a2 (CLASS (PERM)))
+(allow b_ta b_a2_c (CLASS (PERM)))
+
+(booleanif b_b1
+  (false
+    (allow b_a2 b_tb (CLASS (PERM)))
+    (allow b_a2_c b_tb (CLASS (PERM)))
+    (allow b_tb b_a2 (CLASS (PERM)))
+    (allow b_tb b_a2_c (CLASS (PERM)))))
+
+(allow b_a2 b_tc (CLASS (PERM)))
+(allow b_tc b_a2 (CLASS (PERM)))
+(booleanif b_b2
+  (false
+    (allow b_a2_c b_tc (CLASS (PERM)))
+    (allow b_tc b_a2_c (CLASS (PERM)))))
+
+(allow b_a2_c b_td (CLASS (PERM)))
+(allow b_td b_a2_c (CLASS (PERM)))
+(booleanif b_b3
+  (true
+    (allow b_a2 b_td (CLASS (PERM)))
+    (allow b_td b_a2 (CLASS (PERM))))
+  (false
+    (allow b_a2 b_td (CLASS (PERM)))
+    (allow b_td b_a2 (CLASS (PERM)))))
+
+
+;; All of these rules should fail the bounds check
+(type b_t3)
+(type b_t3_c)
+(typebounds b_t3 b_t3_c)
+
+(allow b_t3 self (CLASS (PERM)))
+(allow b_t3_c self (c1 (p1a)))
+(allow b_t3 b_ta (CLASS (PERM)))
+(allow b_t3_c b_ta (c1 (p1a)))
+(allow b_ta b_t3 (CLASS (PERM)))
+(allow b_ta b_t3_c (c1 (p1a)))
+
+(booleanif b_b1
+  (false
+    (allow b_t3_c b_tb (c1 (p1a)))
+    (allow b_tb b_t3_c (c1 (p1a)))))
+
+(booleanif b_b2
+  (true
+    (allow b_t3_c b_tc (c1 (p1a)))
+    (allow b_tc b_t3_c (c1 (p1a))))
+  (false
+    (allow b_t3 b_tc (c1 (p1a)))
+    (allow b_tc b_t3 (c1 (p1a)))))
+
+(allow b_t3_c b_td (c1 (p1a)))
+(allow b_td b_t3_c (c1 (p1a)))
+(booleanif b_b3
+  (false
+    (allow b_t3 b_td (c1 (p1a)))
+    (allow b_td b_t3 (c1 (p1a)))))
+
+
+;; All of these rules should fail the bounds check
+(type b_t4)
+(type b_t4_c)
+(typebounds b_t4 b_t4_c)
+(typeattribute b_a4)
+(typeattribute b_a4_c)
+(typeattributeset b_a4 b_t4)
+(typeattributeset b_a4_c b_t4_c)
+
+(allow b_a4 self (CLASS (PERM)))
+(allow b_a4_c self (c1 (p1a)))
+(allow b_a4 b_ta (CLASS (PERM)))
+(allow b_a4_c b_ta (c1 (p1a)))
+(allow b_ta b_a4 (CLASS (PERM)))
+(allow b_ta b_a4_c (c1 (p1a)))
+
+(booleanif b_b1
+  (false
+    (allow b_a4_c b_tb (c1 (p1a)))
+    (allow b_tb b_a4_c (c1 (p1a)))))
+
+(booleanif b_b2
+  (true
+    (allow b_a4_c b_tc (c1 (p1a)))
+    (allow b_tc b_a4_c (c1 (p1a))))
+  (false
+    (allow b_a4 b_tc (c1 (p1a)))
+    (allow b_tc b_a4 (c1 (p1a)))))
+
+(allow b_a4_c b_td (c1 (p1a)))
+(allow b_td b_a4_c (c1 (p1a)))
+(booleanif b_b3
+  (false
+    (allow b_a4 b_td (c1 (p1a)))
+    (allow b_td b_a4 (c1 (p1a)))))
+
+
+;; Marked rules should fail, all others should pass
+(type b_t5)
+(type b_t5_c)
+(typebounds b_t5 b_t5_c)
+
+(allow b_t5 b_ta cp1)
+(allow b_t5_c b_ta (c1 (p1a)))
+(allow b_t5_c b_ta (c2 (p2a)))
+(allow b_t5_c b_ta (c2 (p2b))) ;; Fail
+(allow b_t5_c b_ta (c3 (p3a))) ;; Fail
+
+(allow b_t5 b_tb (c1 (p1a p1b)))
+(allow b_t5 b_tb (c2 (p2a)))
+(allow b_t5_c b_tb cp1)
+
+(allow b_t5 b_tc (cm1 (mp1)))
+(allow b_t5_c b_tc (c1 (p1a)))
+(allow b_t5_c b_tc (c1 (p1b))) ;; Fail
+(allow b_t5_c b_tc (c2 (p2a))) ;; Fail
+
+(allow b_t5 b_tc (c1 (p1a)))
+(allow b_t5_c b_tc (cm1 (mp1)))
+
+
+;; Marked rules should fail, all others should pass
+(type b_t6a)
+(type b_t6a_c)
+(type b_t6b)
+(type b_t6b_c)
+(typebounds b_t6a b_t6a_c)
+(typebounds b_t6b b_t6b_c)
+
+(allow b_t6a b_t6b (CLASS (PERM)))
+(allow b_t6a_c b_t6b_c (CLASS (PERM)))
+
+;; Needs: (allow b_t6a b_t6b (c1 (p1a)))
+(allow b_t6a_c b_t6b (c1 (p1a))) ;; Fail
+(allow b_t6a_c b_t6b_c (c1 (p1a))) ;; Fail
+
+;; Needs: (allow b_t6a b_t6b (c2 (p2a)))
+(allow b_t6a b_t6b_c (c2 (p2a))) ;; Fail
+(allow b_t6a_c b_t6b (c2 (p2a))) ;; Fail
+(allow b_t6a_c b_t6b_c (c2 (p2a)))
+
+;; Needs: (allow b_t6a b_t6b (c3 (p3c)))
+(allow b_t6a b_t6b (c3 (p3a p3b)))
+(allow b_t6a b_t6b_c (c3 (p3b p3c))) ;; Fail
+(allow b_t6a_c b_t6b (c3 (p3a p3c))) ;; Fail
+(allow b_t6a_c b_t6b_c (c3 (p3a p3b p3c))) ;; Fail
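Review bot: In the b_t3 and b_t4 sections the header comment "All of these rules should fail the bounds check" also covers rules that involve no bounded type, such as `(allow b_t3 self (CLASS (PERM)))` and `(allow b_ta b_t3 (CLASS (PERM)))`, so the file does not say which rules the checker is expected to report. Marking each expected violation with `;; Fail`, as the b_t5 and b_t6 sections do, would make the expected result unambiguous. In the b_t5 section the last pair, `(allow b_t5 b_tc (c1 (p1a)))` with `(allow b_t5_c b_tc (cm1 (mp1)))`, reuses target b_tc, which already carries `(allow b_t5 b_tc (cm1 (mp1)))`, so the classmap-in-child case is not exercised on its own; a separate target such as b_td would isolate it. The patch adds only this file and the commit message has no body, so nothing records how the test is run or that compilation is expected to stop on the marked rules; a short description in the commit message or at the top of the file would help.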
-- 
1.9.3
