Navigation

← Previous Changeset
Next Changeset →

Changeset 1964

Timestamp:

02/29/08 13:29:52 (9 months ago)

Author:

dsugar

Message:

include the reason for the av failure

Files:

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/mls/framework-plugin/src/com/tresys/framework/compiler/policy/Component.java

r1963	r1964
25	25	import com.tresys.framework.compiler.AbstractToken;
26	26	import com.tresys.framework.compiler.linkage.Linkage;
	27	import com.tresys.framework.compiler.mls.MLSSupport;
27	28
28	29	/**
…	…
214	215	* @return
215	216	*/
216		public String getSensitivity ()
	217	public String getSensitivity (MLSSupport i_support)
217	218	{
218	219	return "s0";
…	…
223	224	* @return
224	225	*/
225		public String getFullContext ()
	226	public String getFullContext (MLSSupport i_support)
226	227	{
227	228	StringBuffer buf = new StringBuffer ();
…	…
231	232	buf.append (':');
232	233	buf.append (getType ());
233		buf.append (':');
234		buf.append (getSensitivity ());
	234
	235	if (i_support != null)
	236	{
	237	buf.append (':');
	238	buf.append (getSensitivity (i_support));
	239	}
235	240
236	241	return buf.toString ();

branches/mls/framework-plugin/src/com/tresys/framework/compiler/policy/ComponentWithDictObjects.java

r1901	r1964
26	26	import com.tresys.framework.compiler.dictionary.SysResourceState;
27	27	import com.tresys.framework.compiler.linkage.Linkage;
	28	import com.tresys.framework.compiler.mls.MLSLevel;
	29	import com.tresys.framework.compiler.mls.MLSSupport;
28	30	import com.tresys.framework.compiler.systemResources.DirResource;
29	31	import com.tresys.framework.compiler.systemResources.SystemResource;
…	…
321	323	}
322	324
	325
	326	/**
	327	* get the sensitivity portion of the context
	328	* @return
	329	*/
	330	public String getSensitivity (MLSSupport i_support)
	331	{
	332	if (i_support != null)
	333	{
	334	MLSLevel mlsLevel = i_support.getLevel (getMLSLabel ());
	335	if (mlsLevel != null)
	336	return mlsLevel.getRange ();
	337	}
	338
	339	return "s0";
	340	}
	341
323	342	public boolean Validate(Linkage linkage)
324	343	{

branches/mls/framework-plugin/src/com/tresys/framework/compiler/policy/EntrypointResource.java

r1901	r1964
19	19	import com.tresys.framework.compiler.dictionary.Entrypoint;
20	20	import com.tresys.framework.compiler.linkage.Linkage;
	21	import com.tresys.framework.compiler.mls.MLSLevel;
	22	import com.tresys.framework.compiler.mls.MLSSupport;
21	23	import com.tresys.framework.compiler.systemResources.FileResource;
22	24
…	…
139	141	}
140	142
	143	/**
	144	* get the sensitivity portion of the context
	145	* @return
	146	*/
	147	public String getSensitivity (MLSSupport i_support)
	148	{
	149	if (i_support != null)
	150	{
	151	MLSLevel mlsLevel = i_support.getLevel (getMLSLabel ());
	152	if (mlsLevel != null)
	153	return mlsLevel.getRange ();
	154	}
	155
	156	return "s0";
	157	}
	158
141	159	public boolean Validate(Linkage linkage)
142	160	{

branches/mls/framework-plugin/src/com/tresys/framework/compiler/policy/IDomain.java

r1963	r1964
19	19	import com.tresys.framework.compiler.AbstractToken;
20	20	import com.tresys.framework.compiler.linkage.Linkage;
	21	import com.tresys.framework.compiler.mls.MLSSupport;
21	22
22	23	public interface IDomain
…	…
60	61	* @return true if this domain has an enter that matches the given criteria, false otherwise.
61	62	*/
62		public boolean IsEnterPresent(IDomain src, Domain dest,
63		EntrypointResource ep);
	63	public boolean IsEnterPresent(IDomain src, Domain dest, EntrypointResource ep);
64	64
65	65	public String getType();
66	66
67		public String getFullContext ();
	67	public String getFullContext (MLSSupport i_support);
68	68
69	69	public Domain getParent();

branches/mls/framework-plugin/src/com/tresys/framework/plugin/builder/AccessCheckVisitor.java

r1963	r1964
34	34	import com.tresys.framework.compiler.linkage.libselinuxjava.sepol_security_id_t;
35	35	import com.tresys.framework.compiler.linkage.libselinuxjava.sidtab_t;
	36	import com.tresys.framework.compiler.mls.MLSSupport;
36	37	import com.tresys.framework.compiler.policy.AccessBaseResource;
37	38	import com.tresys.framework.compiler.policy.AccessResource;
…	…
62	63	protected policydb_t m_policyDB;
63	64	protected sidtab_t m_sidTab;
64
65		AccessCheckVisitor (IFile i_policyFile)
	65	private final MLSSupport m_MLSSupport;
	66
	67	AccessCheckVisitor (IFile i_policyFile, MLSSupport i_support)
66	68	throws FileNotFoundException, IOException
67	69	{
68	70
	71	m_MLSSupport = i_support;
69	72	policy_file_t pFile = null;
70	73
…	…
133	136
134	137	String sType = res.getName () + "_" + rdef.GetName () + "_t";
135		sepol_security_id_t ssid = new sepol_security_id_t (dom.getFullContext ());
	138	sepol_security_id_t ssid = new sepol_security_id_t (dom.getFullContext (m_MLSSupport));
136	139	System.out.println ("Source SID: " + ssid.toString ());
137	140
138		sepol_security_id_t tsid = new sepol_security_id_t (res.getUser () + ":" + res.getRole () + ":" + sType + ":" + res.getSensitivity ());
	141	String sSensitivity = new String ();
	142	if (m_MLSSupport != null)
	143	sSensitivity = ':' + res.getSensitivity (m_MLSSupport);
	144
	145	sepol_security_id_t tsid = new sepol_security_id_t (res.getUser () + ":" + res.getRole () + ":" + sType + sSensitivity);
139	146	System.out.println ("Target SID: " + tsid.toString ());
140	147
…	…
155	162	System.out.println("Audit Allowed (" + auditAllowVec.intValue () + "): " + auditAllowVec.toString ());
156	163	System.out.println("Audit Denyed (" + auditDenyVec.intValue () + "): " + auditDenyVec.toString ());
	164
	165	System.out.println ("Reason: " + accessDecision.getReason ());
157	166	}
158	167	}

branches/mls/framework-plugin/src/com/tresys/framework/plugin/builder/FrameworkNature.java

r1963	r1964
837	837	try
838	838	{
839
840		AccessCheckVisitor visitor = new AccessCheckVisitor (i_policy);
841
842		SELinuxSystem sys = getSystem (i_policy);
843		Policy policy = sys.getPolicy ();
844
845		policy.Accept (visitor);
846
	839	AccessCheckVisitor visitor = null;
	840	try
	841	{
	842	visitor = new AccessCheckVisitor (i_policy, getMLSSupport ());
	843
	844	}
	845	catch (MLSInitializationException mie)
	846	{
	847	visitor = new AccessCheckVisitor (i_policy, null);
	848	}
	849
	850	if (visitor != null)
	851	{
	852	SELinuxSystem sys = getSystem (i_policy);
	853	Policy policy = sys.getPolicy ();
	854
	855	policy.Accept (visitor);
	856	}
847	857	}
848	858	catch (IOException e)

branches/mls/libselinuxjava-plugin/swig/selinuxswig.i

r1963	r1964
385	385	sepol_security_id_t m_tsid;
386	386	sepol_decision m_decision;
	387	unsigned int m_reason;
387	388	// sepol_access_vector_t m_vector;
388	389	// sepol_security_class_t m_class;
…	…
391	392
392	393
	394
393	395	typedef struct my_sepol_access_decision {} sepol_access_decision;
394	396	%extend sepol_access_decision
395	397	{
	398	%constant long SEPOL_DECISION_COMPUTEAV_TE = SEPOL_COMPUTEAV_TE;
	399	%constant long SEPOL_DECISION_COMPUTEAV_CONS = SEPOL_COMPUTEAV_CONS;
	400	%constant long SEPOL_DECISION_COMPUTEAV_RBAC = SEPOL_COMPUTEAV_RBAC;
	401
396	402	sepol_access_decision(sepol_security_id_t i_ssid,
397	403	sepol_security_id_t i_tsid,
…	…
404	410	result->m_tsid = i_tsid;
405	411
406		sepol_compute_av(result->m_ssid, result->m_tsid, result->m_vector.m_class, result->m_vector.m_vector, &result->m_decision);
	412	int rc = sepol_compute_av_reason(result->m_ssid,
	413	result->m_tsid,
	414	result->m_vector.m_class,
	415	result->m_vector.m_vector,
	416	&result->m_decision,
	417	&result->m_reason);
	418
407	419	return result;
408	420	}
…	…
433	445	return new_sepol_access_vector__SWIG_2(self->m_vector.m_class, self->m_decision.auditdeny);
434	446	}
435		};
	447
	448	unsigned int getReason ()
	449	{
	450	return self->m_reason;
	451	}
	452	};

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.