Re: maybe a bug in SELinux: security_context_to_sid_core

From: Zhang, Ning A
Date: Thu Mar 08 2018 - 21:08:06 EST


Hi, Bill

For below SELinux behavior, do you know why.

BR.
Ning.


å 2018-02-28äç 14:47 +0800ïZhang Ningåéï
> Hi,
>
> Before SELinux is initialized, get scontext by secid by using:
>
> security_secctx_to_secid() may return wrong numbe
>
> eg:
> security_secctx_to_secid("devnull", strlen("devnull"), &sid);
>
> sid here will be 1
>
> because:
>
> in security_context_to_sid_core:
>
> ...
> if (!ss_initialized) {
> int i;
>
> for (i = 1; i < SECINITSID_NUM; i++) {
> if (!strcmp(initial_sid_to_string[i],
> scontext)) {
> *sid = i;
> return 0;
> }
> }
> *sid = SECINITSID_KERNEL;
> return 0;
> }
> ...
>
> and SECINITSID_DEVNULL equals to SECINITSID_NUM, and it will never get
> right secid for "devnull".
>
> is this by design or bug?
>
> BR.
> Ning.