Merge remote-tracking branch 'aosp/upstream-master' into mymerge
In particular, pulls in
3f99b14939
which is needed for b/118685852
Followed the following steps:
# In repo client
cd external/selinux
repo sync .
repo start mymerge .
git merge aosp/upstream-master --no-ff # resolve any conflicts
repo upload .
Bug: 118685852
Test: Android compiles and no obvious problems.
Change-Id: Ic8f1bb2b573a1491b733732653afd7dbe494c85f
commit
1ad3304eae
@ -232,7 +232,7 @@ end_arch_check:
|
||||
|
||||
/* allocate the stems_data array */
|
||||
rc = next_entry(&stem_map_len, mmap_area, sizeof(uint32_t));
|
||||
if (rc < 0 || !stem_map_len)
|
||||
if (rc < 0)
|
||||
return -1;
|
||||
|
||||
/*
|
||||
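Review bot: Accepting a zero `stem_map_len` lets the value reach the stems_data allocation that begins right after this hunk, and that code is not visible here. This reading takes `if (rc < 0)` as the new line, since the page lost its +/- markers and the doubled lines appear to be printed old then new. If the allocation is followed by a NULL test, a zero-size request may return NULL on some C libraries and be reported as a failure, so the zero case should be confirmed there. The matching relaxation in `regex_load_mmap` is already covered by the `if (entry_len) {` that follows it. A comment such as `/* stem_map_len may be 0; the allocation below must cope with it */` would record why the check was relaxed.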
|
@ -348,7 +348,7 @@ int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex,
|
||||
goto err;
|
||||
|
||||
rc = next_entry(&entry_len, mmap_area, sizeof(uint32_t));
|
||||
if (rc < 0 || !entry_len)
|
||||
if (rc < 0)
|
||||
goto err;
|
||||
|
||||
if (entry_len) {
|
||||
|
@ -536,7 +536,7 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
|
||||
struct strs *strs;
|
||||
char *sid;
|
||||
char *prev;
|
||||
char unknown[17];
|
||||
char unknown[18];
|
||||
unsigned i;
|
||||
int rc;
|
||||
|
||||
@ -550,7 +550,7 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
|
||||
if (i < num_sids) {
|
||||
sid = (char *)sid_to_str[i];
|
||||
} else {
|
||||
snprintf(unknown, 17, "%s%u", "UNKNOWN", i);
|
||||
snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
|
||||
sid = strdup(unknown);
|
||||
}
|
||||
rc = strs_add_at_index(strs, sid, i);
|
||||
@ -2498,7 +2498,7 @@ static int write_sid_context_rules_to_cil(FILE *out, struct policydb *pdb, const
|
||||
struct ocontext *isid;
|
||||
struct strs *strs;
|
||||
char *sid;
|
||||
char unknown[17];
|
||||
char unknown[18];
|
||||
char *ctx, *rule;
|
||||
unsigned i;
|
||||
int rc = -1;
|
||||
@ -2513,7 +2513,7 @@ static int write_sid_context_rules_to_cil(FILE *out, struct policydb *pdb, const
|
||||
if (i < num_sids) {
|
||||
sid = (char *)sid_to_str[i];
|
||||
} else {
|
||||
snprintf(unknown, 17, "%s%u", "UNKNOWN", i);
|
||||
snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
|
||||
sid = unknown;
|
||||
}
|
||||
|
||||
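Review bot: In `write_sids_to_cil` the result of `sid = strdup(unknown);` is passed straight to `strs_add_at_index(strs, sid, i)` with no NULL test between them, so an allocation failure hands a NULL string to the list; `write_sids_to_conf` has the same sequence. Whether `strs_add_at_index` tolerates NULL is not visible here, so an `if (!sid)` guard right after the `strdup` that takes the function's error path is the safer form. Separately, the buffer size is spelled out twice, as `char unknown[18];` and `snprintf(unknown, 18, ...)`, which is how the two drifted apart before. Writing `snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);` ties them together in all five functions with this pattern (also `write_sid_context_rules_to_cil`, `write_sid_context_rules_to_conf` and `ocontext_isid_to_cil`). All of these function bodies extend beyond the hunks shown.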
|
@ -434,7 +434,7 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str,
|
||||
struct ocontext *isid;
|
||||
struct strs *strs;
|
||||
char *sid;
|
||||
char unknown[17];
|
||||
char unknown[18];
|
||||
unsigned i;
|
||||
int rc;
|
||||
|
||||
@ -448,7 +448,7 @@ static int write_sids_to_conf(FILE *out, const char *const *sid_to_str,
|
||||
if (i < num_sids) {
|
||||
sid = (char *)sid_to_str[i];
|
||||
} else {
|
||||
snprintf(unknown, 17, "%s%u", "UNKNOWN", i);
|
||||
snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
|
||||
sid = strdup(unknown);
|
||||
}
|
||||
rc = strs_add_at_index(strs, sid, i);
|
||||
@ -2358,7 +2358,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons
|
||||
struct ocontext *isid;
|
||||
struct strs *strs;
|
||||
char *sid;
|
||||
char unknown[17];
|
||||
char unknown[18];
|
||||
char *ctx, *rule;
|
||||
unsigned i;
|
||||
int rc;
|
||||
@ -2373,7 +2373,7 @@ static int write_sid_context_rules_to_conf(FILE *out, struct policydb *pdb, cons
|
||||
if (i < num_sids) {
|
||||
sid = (char *)sid_to_str[i];
|
||||
} else {
|
||||
snprintf(unknown, 17, "%s%u", "UNKNOWN", i);
|
||||
snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
|
||||
sid = unknown;
|
||||
}
|
||||
|
||||
|
@ -2562,7 +2562,7 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
|
||||
struct sid_item *head = NULL;
|
||||
struct sid_item *item = NULL;
|
||||
char *sid;
|
||||
char unknown[17];
|
||||
char unknown[18];
|
||||
unsigned i;
|
||||
|
||||
for (isid = isids; isid != NULL; isid = isid->next) {
|
||||
@ -2570,7 +2570,7 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
|
||||
if (i < num_sids) {
|
||||
sid = (char*)sid_to_string[i];
|
||||
} else {
|
||||
snprintf(unknown, 17, "%s%u", "UNKNOWN", i);
|
||||
snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
|
||||
sid = unknown;
|
||||
}
|
||||
cil_println(0, "(sid %s)", sid);
|
||||
|
@ -2828,22 +2828,35 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
|
||||
(&c->context[1], p, fp))
|
||||
return -1;
|
||||
break;
|
||||
case OCON_IBPKEY:
|
||||
case OCON_IBPKEY: {
|
||||
uint32_t pkey_lo, pkey_hi;
|
||||
|
||||
rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
|
||||
if (rc < 0 || buf[2] > 0xffff || buf[3] > 0xffff)
|
||||
if (rc < 0)
|
||||
return -1;
|
||||
|
||||
pkey_lo = le32_to_cpu(buf[2]);
|
||||
pkey_hi = le32_to_cpu(buf[3]);
|
||||
|
||||
if (pkey_lo > UINT16_MAX || pkey_hi > UINT16_MAX)
|
||||
return -1;
|
||||
|
||||
c->u.ibpkey.low_pkey = pkey_lo;
|
||||
c->u.ibpkey.high_pkey = pkey_hi;
|
||||
|
||||
/* we want c->u.ibpkey.subnet_prefix in network
|
||||
* (big-endian) order, just memcpy it */
|
||||
memcpy(&c->u.ibpkey.subnet_prefix, buf,
|
||||
sizeof(c->u.ibpkey.subnet_prefix));
|
||||
|
||||
c->u.ibpkey.low_pkey = le32_to_cpu(buf[2]);
|
||||
c->u.ibpkey.high_pkey = le32_to_cpu(buf[3]);
|
||||
|
||||
if (context_read_and_validate
|
||||
(&c->context[0], p, fp))
|
||||
return -1;
|
||||
break;
|
||||
case OCON_IBENDPORT:
|
||||
}
|
||||
case OCON_IBENDPORT: {
|
||||
uint32_t port;
|
||||
|
||||
rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
|
||||
if (rc < 0)
|
||||
return -1;
|
||||
@ -2851,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
|
||||
if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
|
||||
return -1;
|
||||
|
||||
port = le32_to_cpu(buf[1]);
|
||||
if (port > UINT8_MAX || port == 0)
|
||||
return -1;
|
||||
|
||||
c->u.ibendport.dev_name = malloc(len + 1);
|
||||
if (!c->u.ibendport.dev_name)
|
||||
return -1;
|
||||
@ -2858,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
|
||||
if (rc < 0)
|
||||
return -1;
|
||||
c->u.ibendport.dev_name[len] = 0;
|
||||
c->u.ibendport.port = le32_to_cpu(buf[1]);
|
||||
c->u.ibendport.port = port;
|
||||
if (context_read_and_validate
|
||||
(&c->context[0], p, fp))
|
||||
return -1;
|
||||
break;
|
||||
}
|
||||
case OCON_PORT:
|
||||
rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
|
||||
if (rc < 0)
|
||||
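Review bot: The new OCON_IBPKEY branch bounds `pkey_lo` and `pkey_hi` by `UINT16_MAX` but never compares them with each other, so a policy image whose low value exceeds its high value is stored as given. If the code that consumes `c->u.ibpkey` assumes an ordered range (not visible here), add `if (pkey_lo > pkey_hi) return -1;` next to the existing range check. A one-line comment saying the bounds are tested after `le32_to_cpu()` because `buf[]` holds the on-disk little-endian values would also explain why the raw `buf[2] > 0xffff` comparison went away. `ocontext_read_selinux` begins and ends outside these hunks.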
|
@ -142,17 +142,8 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
|
||||
{
|
||||
int32_t result;
|
||||
char *out = NULL;
|
||||
char *peercon = NULL;
|
||||
int ret;
|
||||
|
||||
ret = getpeercon_raw(fd, &peercon);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
/* TODO: Check if MLS clearance (in peercon) dominates the MLS label
|
||||
* (in the request input).
|
||||
*/
|
||||
|
||||
switch (function) {
|
||||
case SETRANS_INIT:
|
||||
result = 0;
|
||||
@ -184,7 +175,6 @@ process_request(int fd, uint32_t function, char *data1, char *UNUSED(data2))
|
||||
}
|
||||
|
||||
free(out);
|
||||
freecon(peercon);
|
||||
|
||||
return ret;
|
||||
}
|
||||
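Review bot: Removing the `getpeercon_raw()` call also drops the TODO about checking that the peer's MLS clearance dominates the label in the request, so `process_request` no longer records that it performs no such check. The 17-to-8 line count in the first hunk header is what identifies those lines as removed. Keeping a comment above the `switch`, for example `/* NOTE: the peer's MLS clearance is not checked against the requested label. */`, preserves that information for the next person auditing the daemon. The function body between the two hunks is not shown.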
|