Changeset 130
- Timestamp:
- 06/08/05 15:05:16 (4 years ago)
- Files:
-
- trunk/build.xml (modified) (2 diffs)
- trunk/frameworkcc.sh (modified) (1 diff)
- trunk/src/com/tresys/framework/policy/Domain.java (modified) (5 diffs)
- trunk/src/com/tresys/framework/policy/Enter.java (modified) (1 diff)
- trunk/src/com/tresys/framework/policy/Policy.java (modified) (14 diffs)
- trunk/src/com/tresys/framework/policy/PolicyParser.jj (modified) (3 diffs)
- trunk/test/dictionary (modified) (1 diff)
- trunk/test/testcases/constraint2 (modified) (1 diff)
trunk/build.xml
r103 r130 111 111 </target> 112 112 113 <!-- Compile the dictionary parser --> 114 <target name="compdictparser" depends="initbase,initdict"> 115 <!-- compile --> 116 <javacc target="${dictbuild}/${dict_parse_class}${javacc_ext}" 117 outputdirectory="${dictbuild}" 118 javacchome="${javacchome}" /> 119 </target> 120 113 121 <!-- Compile the dictionary --> 114 <target name="compdict" depends="initbase,initdict"> 115 <!-- compile --> 116 <javacc target="${dictbuild}/${dict_parse_class}${javacc_ext}" 117 javacchome="${javacchome}" /> 122 <target name="compdict" depends="compdictparser"> 123 <!-- compile --> 118 124 <javac srcdir="${dictbuild}" destdir="${build}" > 119 120 125 <!-- <compilerarg value="-Xlint"/> --> 121 126 </javac> … … 166 171 167 172 <!-- Compile the policy classes --> 168 <target name="comppol " depends="compdict,initpol">173 <target name="comppolparser" depends="compdict,initpol"> 169 174 <!-- compile --> 170 175 <javacc target="${polbuild}/${pol_parse_class}${javacc_ext}" 171 176 outputdirectory="${polbuild}" 172 177 javacchome="${javacchome}" /> 178 </target> 179 180 <!-- Compile the policy classes --> 181 <target name="comppol" depends="comppolparser"> 182 <!-- compile --> 173 183 <javac srcdir="${polbuild}" destdir="${build}" /> 174 184 </target> trunk/frameworkcc.sh
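Review bot: The comment `<!-- Compile the policy classes -->` now sits above both `comppolparser` and `comppol`, although `comppolparser` only runs `javacc`. Following the dictionary pair, where the parser target is labelled `<!-- Compile the dictionary parser -->`, the first one should read `<!-- Compile the policy parser -->`.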
r108 r130 1 1 #! /bin/sh 2 java -cp build/ com.tresys.framework.Compiler -ds $1 -p $2 -o $3 2 java -cp build/ com.tresys.framework.Compiler -ds $1 -p $2 -o $3 $4 3 3 trunk/src/com/tresys/framework/policy/Domain.java
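Review bot: The new `$4` on the java line is expanded unquoted, like `$1` to `$3` before it, so a value passed for `-ds`, `-p` or `-o` that contains whitespace or glob characters is split or expanded by the shell and reaches com.tresys.framework.Compiler as extra arguments. Quoting keeps each value a single argument, and `${4:+"$4"}` keeps the fourth one optional: `java -cp build/ com.tresys.framework.Compiler -ds "$1" -p "$2" -o "$3" ${4:+"$4"}`. What the fourth argument means is not visible on this page, so a one-line usage comment under the shebang would help as well.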
r122 r130 23 23 */ 24 24 public final class Domain extends ComponentWithFobjects{ 25 private List<Component> children = null; 25 // children references 26 private final List<Component> children; 27 private final List<Domain> childDomains; 28 private final List<Resource> childResources; 29 private final List<Entrypoint> childEntrypoints; 26 30 27 31 /** … … 42 46 super(n, par, verbSet); 43 47 entries = new LinkedList<Enter>(); 48 49 children = new LinkedList<Component>(); 50 childDomains = new LinkedList<Domain>(); 51 childResources = new LinkedList<Resource>(); 52 childEntrypoints = new LinkedList<Entrypoint>(); 44 53 } 45 54 … … 52 61 * @param child Child component 53 62 */ 54 public void AddChild(Component child){ 55 if (children == null) 56 children = new LinkedList<Component>(); 63 public void AddChild(Domain child){ 64 childDomains.add(child); 65 children.add(child); 66 } 67 68 /** 69 * Add a child component to this domain. 70 * <br><strong>Warning:</strong> No checks are performed 71 * here to ensure validity of input, that is the parsers job. Any 72 * input passed to this method is assumed to be valid in all respects. 73 * 74 * @param child Child component 75 */ 76 public void AddChild(Resource child){ 77 childResources.add(child); 78 children.add(child); 79 } 80 81 /** 82 * Add a child component to this domain. 83 * <br><strong>Warning:</strong> No checks are performed 84 * here to ensure validity of input, that is the parsers job. Any 85 * input passed to this method is assumed to be valid in all respects. 86 * 87 * @param child Child component 88 */ 89 public void AddChild(Entrypoint child){ 90 childEntrypoints.add(child); 57 91 children.add(child); 58 92 } … … 65 99 */ 66 100 public List<Component> GetChildren(){ 67 return children; 101 return children; 102 } 103 104 /** 105 * Retrieve list of children associated with this domain. 106 * 107 * @return A list of direct (1 layer of separation) 108 * children of this domain. 
109 */ 110 public List<Domain> GetChildDomains(){ 111 return childDomains; 112 } 113 114 /** 115 * Retrieve list of children associated with this domain. 116 * 117 * @return A list of direct (1 layer of separation) 118 * children of this domain. 119 */ 120 public List<Resource> GetChildResources(){ 121 return childResources; 122 } 123 124 /** 125 * Retrieve list of children associated with this domain. 126 * 127 * @return A list of direct (1 layer of separation) 128 * children of this domain. 129 */ 130 public List<Entrypoint> GetChildEntrypoints(){ 131 return childEntrypoints; 68 132 } 69 133 … … 87 151 public List<Enter> GetEntries(){ 88 152 return entries; 89 } 153 } 154 155 /** 156 * Check if an enter statement is present with the given criteria. 157 * 158 * @param src Source domain to match, or null to match any 159 * @param dest Destination domain to match, or null to match any 160 * @param ep Entrypoint to match, or null to match any 161 * @return true if this domain has an enter that matches the given criteria, false otherwise. 162 */ 163 public boolean IsEnterPresent(Domain src, Domain dest, Entrypoint ep) 164 { 165 for(Enter enter: entries) 166 { 167 if (src != null && src != enter.DomainStart) 168 continue; 169 if (dest != null && dest != enter.DomainEnd) 170 continue; 171 if (ep != null && ep != enter.Entrypoint) 172 continue; 173 return true; 174 } 175 return false; 176 } 90 177 } trunk/src/com/tresys/framework/policy/Enter.java
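Review bot: `GetChildDomains()`, `GetChildResources()` and `GetChildEntrypoints()` return the same mutable `LinkedList` instances that the `AddChild` overloads maintain, as `GetChildren()` already did, so a caller can add to one list without the other. Policy.validateDomain in this changeset decides whether a domain is decomposed by comparing `GetChildren().size()` with `GetChildDomains().size()`, so the lists drifting apart changes what validation accepts. If no caller relies on mutating the result, return read-only views, e.g. `return java.util.Collections.unmodifiableList(childDomains);`. The Javadoc on the three new getters is copied from `GetChildren()`; each should name the kind of child it returns.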
r112 r130 27 27 * @see Component 28 28 */ 29 public final class Enter{ 29 public final class Enter 30 { 30 31 /** The starting domain in the transition */ 31 32 public final Domain DomainStart; trunk/src/com/tresys/framework/policy/Policy.java
r129 r130 8 8 */ 9 9 package com.tresys.framework.policy; 10 11 import com.tresys.framework.dictionary.*; 10 12 11 13 import java.util.*; … … 82 84 return true; 83 85 } 84 86 85 87 /** 86 88 * Add a resource to the policy. … … 95 97 return false; 96 98 } 97 99 98 100 resources.put(res.Name, res); 99 101 return true; 100 102 } 101 103 102 104 /** 103 105 * Add an entrypoint to the policy. … … 112 114 return false; 113 115 } 114 116 115 117 entrypoints.put( ep.Name, ep ); 116 118 return true; 117 119 } 118 120 119 121 /** 120 122 * Add an access to the policy. … … 130 132 */ 131 133 String key = axx.toString(); 132 134 133 135 if (accesses.containsKey(key)){ 134 136 return false; 135 137 } 136 138 137 139 accesses.put(key, axx); 138 140 return true; 139 141 } 140 142 141 143 /** 142 144 * Add an entry to the policy. Due to constraints this is done … … 158 160 * acts as a key 159 161 */ 160 162 161 163 entries.put( key, list ); 162 164 } 163 165 164 166 /** 165 167 * Retrieve map of domains. … … 170 172 return domains; 171 173 } 172 174 173 175 /** 174 176 * Retrieve map of resources. … … 179 181 return resources; 180 182 } 181 183 182 184 /** 183 185 * Retrieve map of entrypoints. … … 197 199 return entries; 198 200 } 199 201 200 202 /** 201 203 * Retrieve map of accesses. … … 206 208 return accesses; 207 209 } 208 210 209 211 /** 210 212 * Retrieve a domain. … … 216 218 return domains.get(key); 217 219 } 218 220 219 221 /** 220 222 * Retrieve a resource. … … 226 228 return resources.get(key); 227 229 } 228 230 229 231 /** 230 232 * Retrieve an entrypoints. … … 246 248 return entries.get(key); 247 249 } 248 250 249 251 /** 250 252 * Retrieve an accesses. … … 256 258 return accesses.get(key); 257 259 } 258 259 /** 260 * Test policy for complete definition. 261 * 262 * @return <code>true</code> if policy is completely defined 260 261 /** 262 * Test policy for complete definition. Some validation cannot 263 * occur until the entire policy is constructed. 
One example being 264 * the search for orphaned entry/accesses. That is an access or entry 265 * that enters a parent but is never used by the children. This is 266 * because the SEFramework model requires that only non-decomposed 267 * domains can contain active entities, or processes. 268 * 269 * @return <code>true</code> if policy is valid. 263 270 */ 264 271 public final boolean Validate ( ){ 265 272 boolean valid = true; 266 273 267 // traverse domains to ensure that only lowest level domains are entered 268 for (Map.Entry<String,Domain> _domain: domains.entrySet()){ 269 Domain domain = _domain.getValue(); 270 // traverse the list of entries associated with each domain 271 for (Enter enter: domain.GetEntries()){ 272 if (enter.DomainStart == domain){ 273 274 } else if (enter.DomainEnd == domain){ 275 276 } else { 277 Config.Error("Compiler is broken! Domain was associated with " 278 + "a transition although its not the source or destination!"); 274 // check for an entry that does not continue to a non-decomposed domain 275 for (Map.Entry<String,Domain> domain: domains.entrySet()){ 276 valid &= validateDomain(domain.getValue()); 277 } 278 279 // check for an access that does not continue to a non-decomposed domain 280 for (Map.Entry<String,Access> access: accesses.entrySet()) 281 { 282 valid &= validateAccess(access.getValue()); 283 } 284 285 return valid; 286 } 287 288 private boolean validateDomain(Domain domain) 289 { 290 boolean valid = true; 291 // traverse the list of entries associated with this domain 292 for (Enter enter: domain.GetEntries()) 293 { 294 // only validate sources b/c validation occurs on entire transition 295 if (enter.DomainStart == domain) 296 valid &= validateEnter(enter); 297 } 298 299 // check for decomposed domains w/out child domains 300 if (domain.GetChildren().size() > 0 && domain.GetChildDomains().size() == 0){ 301 Config.Error("Decomposed domain must contain at least one child domain: " + domain.Name); 302 valid = false; 303 } 
304 305 return valid; 306 } 307 308 private boolean validateEnter(Enter enter) 309 { 310 Domain source = enter.DomainStart; 311 Domain dest = enter.DomainEnd; 312 Entrypoint entrypoint = enter.Entrypoint; 313 314 // if neither one has kids 315 if (source.GetChildDomains().size() == 0 && dest.GetChildDomains().size() == 0) 316 return true; 317 318 // if the source domain has children 319 if (source.GetChildDomains().size() > 0) { 320 if (dest.GetChildDomains().size() > 0) 321 { 322 for (Domain child: source.GetChildDomains()) 323 { 324 for (Enter checkEnter: child.GetEntries()) 325 { 326 if(checkEnter.DomainStart == child && 327 checkEnter.Entrypoint == entrypoint && 328 checkEnter.DomainEnd.Parent == dest) 329 return true; 330 } 331 } 332 Config.Error("Enter from source parent domain to destination parent domain without enter between children: " + enter.toString().replace(Config.DELIM, " ")); 333 } 334 else 335 { 336 for (Domain child: source.GetChildDomains()) 337 { 338 if (child.IsEnterPresent(child, dest, entrypoint)) 339 return true; 340 } 341 Config.Error("Enter from source without enter from source's child: " + enter.toString().replace(Config.DELIM, " ")); 342 } 343 } 344 else 345 { 346 for (Enter checkEnter: source.GetEntries()) 347 { 348 if (checkEnter == enter || checkEnter.DomainStart != source || checkEnter.Entrypoint != enter.Entrypoint) 349 continue; 350 if (dest.GetChildDomains().size() > 0 && checkEnter.DomainEnd.Parent == dest) 351 return true; 352 else if (checkEnter.DomainEnd == dest) 353 return true; 354 } 355 Config.Error("Enter into target without enter into target's child: " + enter.toString().replace(Config.DELIM, " ")); 356 } 357 358 return false; 359 } 360 361 private boolean validateAccess(Access access) { 362 if (access.Domain.GetChildDomains().size() > 0) { 363 Access childAccess; 364 for (Domain child: access.Domain.GetChildDomains()) { 365 for (Map.Entry<ComponentWithFobjects,Access> ca:child.GetAccess(access.Verb).entrySet()) { 366 
childAccess = ca.getValue(); 367 if (childAccess.Resource == access.Resource) 368 return true; 279 369 } 280 370 } 281 } 282 return valid; 371 Config.Error("Access from parent not used by any children: " + access.toString().replace(Config.DELIM, " ")); 372 return false; 373 } 374 return true; 283 375 } 284 376 } trunk/src/com/tresys/framework/policy/PolicyParser.jj
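Review bot: In `validateEnter`, the last branch (source has no child domains) is reached only when `dest` has child domains, because the case where neither has children returned earlier. That makes `dest.GetChildDomains().size() > 0` always true there, and the `else if (checkEnter.DomainEnd == dest) return true;` arm can only match a second enter with the same source, entrypoint and decomposed destination. Two parent-level enters could then validate each other with no enter into a child of `dest`, which is the orphan case the new Javadoc on `Validate` describes; the parser's duplicate check probably keeps this unreachable, but the validator should not depend on that. After the existing `continue` guard the loop body could be reduced to `if (checkEnter.DomainEnd.Parent == dest) return true;`. `validateAccess` also dereferences `child.GetAccess(access.Verb)` directly, and whether that can return null is not visible here.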
r129 r130 140 140 parser.Start(); 141 141 142 if (genPolicy.Validate()) {142 if (genPolicy.Validate()) { 143 143 System.out.println("Validated policy."); 144 144 } else { … … 793 793 list = genPolicy.GetEnter(key); 794 794 795 if (domainSrc.Depth < domainDest.Depth) 796 { 797 if (domainSrc.GetChildDomains().size() > 0) 798 ErrorGenerate(tokEntry, "levels check, source"); 799 } 800 else if (domainSrc.Depth > domainDest.Depth) 801 { 802 if (domainDest.GetChildDomains().size() > 0) 803 ErrorGenerate(tokEntry, "levels check, target"); 804 } 805 else // Depths are the same 806 { 807 if (domainSrc.Parent != null) // if true, the dest will have a parent as well (depth != 0) 808 { 809 boolean found = false; 810 for (Enter srcEnter: domainSrc.Parent.GetEntries()) 811 { 812 AccessDefnEP parentDefn = srcEnter.AccessDef; 813 if (axxDefnEP.IsSubsetOf(parentDefn)) 814 { 815 found = true; 816 break; 817 } 818 } 819 if (!found) 820 ErrorGenerate(tokEntry, "not subset of"); 821 } 822 } 823 795 824 // if another domain source+exec combination exists 796 825 if (list != null) { 797 826 // check for duplicate 798 for (Enter tempEnter:list) {827 for (Enter tempEnter:list) { 799 828 if (tempEnter.DomainStart == domainSrc 800 829 && tempEnter.DomainEnd == domainDest 801 && tempEnter.Entrypoint == entrypoint) {830 && tempEnter.Entrypoint == entrypoint) { 802 831 ErrorGenerate(tokEntry, 803 "Duplicate definition of entrypoint. Please remove this occurence.");832 "Duplicate enter statement. 
Please remove this occurence."); 804 833 return; 805 834 } … … 808 837 // if the source and destination have the same parent (or no parent) 809 838 // no additional constraint checks required 810 if (domainSrc.Parent == domainDest.Parent) {839 if (domainSrc.Parent == domainDest.Parent) { 811 840 enter = new Enter(domainSrc, domainDest, entrypoint, axxDefnEP); 812 841 list.add(enter); 813 } else if (list.getLast().DomainEnd == domainDest.Parent) {842 } else if (list.getLast().DomainEnd == domainDest.Parent) { 814 843 enter = new Enter(domainSrc, domainDest, entrypoint, axxDefnEP); 815 844 list.add(enter); trunk/test/dictionary
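Review bot: The same-depth check accepts the enter as soon as any entry on `domainSrc.Parent` has an `AccessDef` that is a superset of `axxDefnEP`, without looking at that entry's `DomainStart`, `DomainEnd` or `Entrypoint`. If `GetEntries()` also holds entries in which the parent is the destination (Policy.validateDomain filters on `enter.DomainStart == domain`, which suggests it does), an unrelated transition can satisfy the subset constraint. When the parents differ, the match should be tied to the parent-level transition, e.g. `if (srcEnter.DomainStart == domainSrc.Parent && srcEnter.DomainEnd == domainDest.Parent && axxDefnEP.IsSubsetOf(srcEnter.AccessDef))`. The three new `ErrorGenerate` calls are also not followed by `return;` as the duplicate-enter branch is, so unless `ErrorGenerate` throws, the rejected enter still reaches the code that builds the `Enter`. The enclosing production starts and ends outside this hunk.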
r121 r130 273 273 } 274 274 start end { 275 process { transition noatsecure rlimitinh siginh}275 process { transition noatsecure rlimitinh } 276 276 } 277 277 end start { trunk/test/testcases/constraint2
r120 r130 7 7 8 8 enter foo bar exec {test}; 9 enter foo.baz bar.baz exec {test}; 9 enter foo bar.baz exec {test}; 10 enter foo.baz bar.baz exec; 11 #enter foo.baz bar.baz exec {test}; 10 12 11 13 domain baz { mqueues@ }; 12 14 access foo mqueues@baz read; 15 access foo.baz mqueues@baz read;
