Commit Graph

726 Commits

Author SHA1 Message Date
rhatdan
28baa721e0 libsemanage: Add sefcontext_compile to compile regex everytime policy is rebuilt
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:58 -05:00
rhatdan
44cba24ba6 libselinux: sefcontontext_compile: Add error handling to help debug problems in libsemanage.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:57 -05:00
Eric Paris
a293048a59 libselinux: do not leak mmapfd
On failure, common if .bin is older than the text version, we will leak
the mmapfd.  Don't do that.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:57 -05:00
Eric Paris
9ebd779353 libselinux: label_file: use precompiled filecontext when possible
When loading the filecontext database, check to see if there is a newer
binary version.  If so, mmap that file, is used to populate the regex db
instead of reading from the text representation and compiling regex's as
needed.  If the text file is newer it will use the text version and
ignore the binary version.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:57 -05:00
Eric Paris
dac8b32c17 libselinux: utils: new file context regex compiler
This is a new 'compiler' which tranforms the file context database into
a binary format.  This binary format may be mmap'd in later removing the
need to compile the regular expression at run time.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:56 -05:00
Adam Tkac
a29f6820c5 libsepol: filename_trans: use some better sorting to compare and merge
The expand_filename_trans() function consumed vast majority of time by comparsion
of two lists with dumb algorithm with O(n^2) complexity.

Now it chunks one list by it's filename_trans->stype value to limit length of
elements which needs to be walked when comparing filename_trans_t element with
this chunked list.

This change speeds-up se* commands by 80%.

Signed-off-by: Adam Tkac <atkac@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:56 -05:00
Eric Paris
933840af6c libselinux: audit2why: make sure path is nul terminated
We use strncpy which could leave a non-nul terminated string if the
source is longer than PATH_MAX.  Add that nul.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:56 -05:00
John Reiser
960d6ee879 policycoreutils: setfiles: estimate percent progress
This patch started with work from John Reiser patch to estimate the
percent progress for restorecon/setfiles.

It has a lot of changes since then, to make it only happen on full
relabel, overwrite itself, shows 10ths of %, and does a lot better and
more useful job of estimation.  We get all of the inodes on all mounted
FS.  Since the number of inodes is not fixed and only an estimate I added
5% to the inode number, and forced the number to never go over 100.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:51 -05:00
Eric Paris
fec715a6f2 policycoreutils: po: remove bad selinux.tbl line from Makefile
selinux.tbl is a Fedora translation file that doesn't make sense in
policycoreutils.  Until we figure out how to deal with it, I'm not going
to push it.  But I accidentally included it in the update-po make
target.  Remove it from the make target.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-14 13:41:22 -04:00
Eric Paris
8638197342 Version bumps for upstream push 2012-09-13 10:33:58 -04:00
Xin Ouyang
18649484ee libsemanage: Fix segfault for building standard policies.
If you are building "standard" policies(not MCS/MLS), libsemanage
will crash, which caused by strdup() to "level" NULL pointers.
For example, semodule -s refpolicy -b base.pp -i a.pp

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:15:53 -04:00
Harry Ciao
2ef297d4c8 libsepol: role_fix_callback skips out-of-scope roles during expansion.
If a role identifier is out of scope it would be skipped over during
expansion, accordingly, be it a role attribute, it should be skipped
over as well when role_fix_callback tries to propagate its capability
to all its sub-roles.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:15:52 -04:00
Guido Trentalancia
46ce32a6ee policycoreutils: genhomedircon: dynamically create genhomedircon
It dynamically creates the policycoreutils "genhomedircon"
script during the build process in order not to hard-code
the full path to the semodule executable, as in general the
latter could reside in non-standard SBINDIR/USRSBINDIR
locations.

It might not be very stylish or it might appear cumbersome,
but at least the script should not break as easily as the
current static one.

The patch also edits the Makefile for the scripts so that
LOCALEDIR correctly uses $(PREFIX) rather than an absolute
path.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:15:41 -04:00
Guido Trentalancia
45658fc6d5 libselinux: improve the file_contexts.5 manual page
Manual page improvements for the file_contexts and related policy
configuration files (section 5):

- create links to selabel_file.5 not only for file_contexts.5 but
  also for the other optional policy configuration files (including
  the so-called file contexts "substitution" files);
- clarify the above mentioned manual page(s), in particular relatively
  to the action performed by the so-called file contexts "substitution"
  policy configuration files (aliasing/equivalence versus substitution);
- improve the explanation of the form that the "substitution" files
  shall have.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:14:43 -04:00
Guido Trentalancia
46b60eee89 policycoreutils: restorecond: relabel all mount runtime files in the restorecond example config
Ship a restorecond.conf file that relabels all mount runtime files under /etc and
not just /etc/mtab.

Mount also uses /etc/mtab~[0-9]{0,20} lock files (the number corresponds to the
PID) and the /etc/mtab.tmp temporary file.

The above refers to mount from util-linux-2.21.2 from kernel.org. See mount -vvv
for the location of such files.

A patch is also available for the reference policy to fix this issue.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:14:42 -04:00
Guido Trentalancia
b8067636b6 policycoreutils: semanage: skip comments while reading external configuration files
Fix fcontextRecords() in policycoreutils/semanage/seobject.py so
that semanage does not produce an error in fcontext mode when
the file_contexts.subs_dist file contains comments (prefixed by #).

Properly skip blank lines.

Treat both white space and tab as valid separators for the above
mentioned policy configuration file (v2). Minimum number of
changes (v2bis).

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Reported-by: Sven Vermeulen <sven.vermeulen@siphos.be>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:11:28 -04:00
Dan Walsh
1c8a7c194d libselinux: Ensure that we only close the selinux netlink socket once.
Taken from our Android libselinux tree.  From Stephen Smalley.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:06:55 -04:00
Eric Paris
a8a36f88c2 sepolgen: audit2allow: one role/type pair per line
audit2allow was generating rules which would not compile.  We can only
do one per line, not tons of types at one time.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 20:57:24 -04:00
Eric Paris
628bcc69e2 policycoreutils: sepolgen: return and output constraint violation information
update sepolgen to return constraint violation information.  Then output
that information in audit2allow.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 15:08:56 -04:00
Eric Paris
4d04f4c443 libselinux: label_file: only run array once when sorting
Instead of running the array two times, sorting the 'hasMeta' the first
time and the !hasMeta the second, run the array once putting hasMeta in
the front and !hasMeta in the back.  Then ONLY run the !hasMeta section
a second time reversing its order so its sorted as it should be.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:51 -04:00
Eric Paris
36ab97dadc libselinux: label_file: struct reorg
Use char instead of int, reorder to put the chars together.  Just litle
things.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:51 -04:00
Eric Paris
de5bc062ca libselinux: label_file: break up find_stem_from_spec
Right now find_stem_from_spec does a number of things:
- calculate the length of th stem
- look for that stem
- duplicate the stem
- add the stem to the array

break those things up a bit because the mmap version isn't going to need
to do some of those things.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:50 -04:00
Eric Paris
16b578895e libselinux: label_file: new process_file function
We currently duplicate code 3 times for the main file, the homedirs, and
the local file.  Just put that stuff in its own function so we don't
have to deal with it multiple times.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:50 -04:00
Eric Paris
79b6a8d78f libselinux: label_file: only run regex files one time
We currectly run all of the regex files 2 times.  The first time counts
the lines and does the simple validatation.  We then allocate an array
of exactly the right size to hold the entries and run them a second time
doing stronger validation, regex compile, etc.

This is dumb.  Just run them one time and use realloc to grow the size
of the array as needed.  At the end the array will get sized perfectly
to fit by the sorting function, so even if we accidentally allocated
entra memory we'll get it back.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:49 -04:00
Eric Paris
ee88185aff libselinux: label_file: add accessors for the pcre extra data
When we use an mmap backed version of data we need to declare the pcre
extra data since we are only given a point to the data->buffer.  Since
sometimes the spec will hold a pointer to the extra data and sometimes
we want to declare it on the stack I introduce and use an accessor for
the extra data instead of using it directly.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:49 -04:00
Eric Paris
247759031a libselinux: label_file: move regex sorting to the header
We want to do the same thing in the compiler and as we do in in the code
which reads regexes in from the text file.  Move that sorting into the header.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:48 -04:00
Eric Paris
dd61029c54 libselinux: label_file: fix potential read past buffer in spec_hasMetaChars
An illegal regex may end with a single \ followed by nul.  This could
cause us to search past the end of the character array.  The loop
formation looks like so:

        c = regex_str;
        len = strlen(c);
        end = c + len;

        while (c != end) {
		switch (*c) {
		...
                case '\\':      /* skip the next character */
                        c++;
                        break;
		...
                }
                c++;
	}

If the \ is the last character then we will increment c and break from
the switch.  The while loop will then increment c.  So now c == end+1.
This means we will keep running into infinity and beyond!  Easy fix.
Make the loop check (c < end).  Thus even if we jump past end, we still
exit the loop.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:48 -04:00
Eric Paris
48682e2853 libselinux: label_file: move spec_hasMetaChars to header
So we can use it in the new compile utility, move the
spec_hasMetaChars() function, which looks for things like .*?+^$ in
regular expressions into the internal header file.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:47 -04:00
Eric Paris
fcc895661d libselinux: label_file: drop useless ncomp field from label_file data
The libselinux label_file backend counted the number of regexes which
had been compiled.  We didn't use it and it wasn't useful information.
Stop doing it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:47 -04:00
Eric Paris
9937685cbe libselinux: label_file: move stem/spec handling to header
We want to be able to find the stem and the spec from our new utility.
So move those functions to the header file.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:47 -04:00
Eric Paris
b9482941ce libselinux: label_file: move error reporting back into caller
If we want to use these functions in utilities we shouldn't call such
libselinux internal functions.  Move the error reporting up to the
caller.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:50:17 -04:00
Eric Paris
f744f239fb libselinux: label_file: do string to mode_t conversion in a helper function
So the string to mode_t conversion in a helper function so it can be
used later by a regex compilation program.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:50:17 -04:00
Eric Paris
c27101a583 libselinux: label_file: move definitions to include file
We want to use some label_file internals in a utility to compile
fcontext files into binary data for fast use.  So start pushing
structures and such into a header file.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:50:16 -04:00
Eric Paris
dc1db39e28 libselinux: label_file: remove all typedefs
I hate them.  They just indirectly you needlessly.  Just use the struct
definitions.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:49:33 -04:00
Eric Paris
091eb526dd libselinux: label_file: use PCRE instead of glibc regex functions
The PCRE functions are about x10 faster than the glibc functions.  So
use the external library.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:49:32 -04:00
Eric Paris
ac5f5645b6 libselinux: stop messages when SELinux disabled
If SELinux is disabled we should send any messages.  We shouldn't do
anything.  Just return.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:42:29 -04:00
Chris PeBenito
01723ac2ce libsepol: Add always_check_network policy capability
Currently the packet class in SELinux is not checked if there are no
SECMARK rules in the security or mangle netfilter tables.  Similarly, the
peer class is not checked if there is no NetLabel or labeled IPSEC.  Some
systems prefer that these classes are always checked, for example, to
protect the system should the netfilter rules fail to load or if the
nefilter rules were maliciously flushed.

Add the always_check_network policy capability which, when enabled, treats
these mechanisms as enabled, even if there are no labeling rules.

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:24 -04:00
Chris PeBenito
1f3bca77e0 libsepol: check for missing initial SID labeling statement.
If an initial SID is missing a labeling statement, the compiler will
segfault when trying to copy the context during expand.  Check for this
situation to handle it gracefully.

This fixes ocontext_copy_selinux() and ocontext_copy_xen().

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:23 -04:00
Chris PeBenito
e26b58b08e libsepol: Move context_copy() after switch block in ocontext_copy_*().
If an initial SID is missing a labeling statement, the compiler will
segfault on the context_copy().  Move the context copy after the
switch block so that the existance of the initial SID label can be checked
before trying to copy the context.

This fixes both ocontext_copy_selinux() and ocontext_copy_xen().

Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:23 -04:00
Dan Walsh
30db6f423b policycoreutils: sandbox: Make sure Xephyr never listens on tcp ports
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:22 -04:00
Eric Paris
b2d86f8219 libselinux: booleans: initialize pointer to silence coveriety
The coveriety scanner is too stupid to realize that the strtok_r()
function initializes the saveptr variable.  Since we are passing a
variable location without initializing it coveriety gets angry.  Just
shut up the scanner, but nothing was wrong to start with.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:22 -04:00
Dan Walsh
bd8ea2eb6c libselinux: seusers: Check for strchr failure
If we have a malformed seusers entry we may not find the : proceeding
the level and would thus get a NULL.  This can blow up.  Check for this
error and bail gracefully.  Found by coverity

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:21 -04:00
Dan Walsh
fa7a9a604e libselinux: utils: avcstat: clear sa_mask set
We were leaving random stack garbage in sa.sa_mask.  Clear it the way
one should.  (spotted by coveriety)

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:21 -04:00
Eric Paris
873c176651 checkpolicy: check return code on ebitmap_set_bit
This can fail due to ENOMEM.  Check and return code and return error if
necessary.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:20 -04:00
Eric Paris
87e8d46f29 policycoreutils: checkmodule: fd leak reading policy
We never closed the fd to the policy file.  Close this fd as soon as we
are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:20 -04:00
Eric Paris
1db01640ee libselinux: matchpathcon: add -m option to force file type check
We may want to force matchpathcon to respond if the path is question is
a dir, sockfile, chr, blk, etc.  Add an option so you can force it to
hit the right rule types.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:23:22 -04:00
Eric Paris
b0b22829eb libsemanage: do boolean name substitution
So people can use -P and it will work.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:17:30 -04:00
Dan Walsh
ee6901618c libselinux: expose selinux_boolean_sub
Make selinux_boolean_sub a public method so getsebool can use it, as well as
potentially used within libsemanage.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:15:00 -04:00
Dan Walsh
179ee6c187 libselinux: Add man page for new selinux_boolean_sub function.
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:14:29 -04:00
Dan Walsh
bac96c8c70 libselinux: getsebool: support boolean name substitution
Use selinux_boolean_sub to translate the boolean name handed in by the user.
Report back the correct name of the boolean.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:14:29 -04:00