maybe a bug in SELinux: security_context_to_sid_core
From: Zhang, Ning A
Date: Wed Feb 28 2018 - 01:47:16 EST
Hi,
Before SELinux is initialized, get scontext by secid by using:
security_secctx_to_secid() may return wrong numbe
eg:
security_secctx_to_secid("devnull", strlen("devnull"), &sid);
sid here will be 1
because:
in security_context_to_sid_core:
...
if (!ss_initialized) {
int i;
for (i = 1; i < SECINITSID_NUM; i++) {
if (!strcmp(initial_sid_to_string[i],
scontext)) {
*sid = i;
return 0;
}
}
*sid = SECINITSID_KERNEL;
return 0;
}
...
and SECINITSID_DEVNULL equals to SECINITSID_NUM, and it will never get
right secid for "devnull".
is this by design or bug?
BR.
Ning.