:( - will fix that.+void __init selinux_init_measurement(void)
+{
+ int i;
+
+ /*
+ * enabled
+ * enforcing
+ * checkreqport
checkreqprot (spelling)
Yes - I was thinking measuring SELinux state would be meaningful only when initialized is set to true/1.
What about initialized? Or do you consider that to be implicitly
true/1 else we wouldn't be taking a measurement? Only caveat there is
that it provides one more means of disabling measurements (at the same
time as disabling enforcement) by setting it to false/0 via kernel
write flaw.
+ * All policy capability flags
+ */
+ selinux_state_count = 3 + __POLICYDB_CAPABILITY_MAX;
+
+ selinux_state_string_len = snprintf(NULL, 0, str_format,
+ "enabled", 0);
+ selinux_state_string_len += snprintf(NULL, 0, str_format,
+ "enforcing", 0);
+ selinux_state_string_len += snprintf(NULL, 0, str_format,
+ "checkreqprot", 0);
+ for (i = 3; i < selinux_state_count; i++) {
+ selinux_state_string_len +=
+ snprintf(NULL, 0, str_format,
+ selinux_policycap_names[i-3], 0);
+ }
What's the benefit of this pattern versus just making the loop go from
0 to __POLICYDB_CAPABILITY_MAX and using selinux_policycap_names[i]?
+void selinux_measure_state(struct selinux_state *selinux_state)
+{
+ void *policy = NULL;
+ void *policy_hash = NULL;
+ size_t curr, buflen;
+ int i, policy_hash_len, rc = 0;
+
+ if (!selinux_initialized(selinux_state)) {
+ pr_warn("%s: SELinux not yet initialized.\n", __func__);
+ return;
+ }
We could measure the global state variables before full SELinux
initialization (i.e. policy load).
Only the policy hash depends on having loaded the policy.
Will change it.
+
+ if (!selinux_state_string) {
+ pr_warn("%s: Buffer for state not allocated.\n", __func__);
+ return;
+ }
+
+ curr = snprintf(selinux_state_string, selinux_state_string_len,
+ str_format, "enabled",
+ !selinux_disabled(selinux_state));
+ curr += snprintf((selinux_state_string + curr),
+ (selinux_state_string_len - curr),
+ str_format, "enforcing",
+ enforcing_enabled(selinux_state));
+ curr += snprintf((selinux_state_string + curr),
+ (selinux_state_string_len - curr),
+ str_format, "checkreqprot",
+ selinux_checkreqprot(selinux_state));
+
+ for (i = 3; i < selinux_state_count; i++) {
+ curr += snprintf((selinux_state_string + curr),
+ (selinux_state_string_len - curr),
+ str_format,
+ selinux_policycap_names[i - 3],
+ selinux_state->policycap[i - 3]);
+ }
Same question here as for the previous loop; seems cleaner to go from
0 to __POLICYDB_CAPABILITY_MAX and use [i].
What public git tree / branch would you recommend trying to use your
patches against? Didn't seem to apply to any of the obvious ones.