Commit Graph

1621 Commits

Author SHA1 Message Date
Stephen Smalley
36d164ca56 Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-12-01 15:36:19 -05:00
Petr Lautrbach
fa438ddf50 policycoreutils: replace string.join() with str.join()
Fixes Python 3 error:
  AttributeError: module 'string' has no attribute 'join'

Based on a patch by Tomas Radej <tradej@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-01 15:33:36 -05:00
Petr Lautrbach
b300d3d43a policycoreutils: fix 'semanage permissive -l' subcommand
This reverts the commit 97d06737 which introduced a regression on '-l'
which started to require at least one argument and fixes the original
problem other way. A args.parser value is set now and handlePermissive
function uses it to print an usage message when args.type is not set.

Fixes: semanage permissive -l
  usage: semanage permissive [-h] (-a | -d | -l) [-n] [-N] [-S STORE]
                             type [type ...]
  semanage permissive: error: the following arguments are required: type

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-12-01 15:33:11 -05:00
Stephen Smalley
d257b02dde Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:38:14 -05:00
Richard Haines
46320aefc2 libselinux: Correct line count for property and service contexts files
When a line number is displayed for context errors they are
x2 the correct value, so reset line count for each pass.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Jeff Vander Stoep <jeffv@google.com>
2015-11-24 16:37:57 -05:00
Stephen Smalley
6c925600fa Update libsepol ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:36:44 -05:00
Richard Haines
0ca5562e97 libsepol: Fully expand neverallowxperm rules
Currently neverallowxperm rules will be resolved correctly when
building policy, however they are not detectable when using tools
such as an updated version of setools. This patch will allow
these to be viewed in the same way as neverallow rules are in a
text based kernel policy file (e.g. policy.conf).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Acked-by: Jeff Vander Stoep <jeffv@google.com>
2015-11-24 16:36:07 -05:00
Stephen Smalley
4a1169a367 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-11-24 16:34:56 -05:00
Ville Skyttä
572fcef2ba libselinux, policycoreutils: Man page warning fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2015-11-24 16:32:13 -05:00
James Carter
e29d606f62 Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-20 13:29:30 -05:00
Miroslav Grepl
0f4620d611 policycoreutils/sandbox: Fix sandbox to propagate specified MCS/MLS Security Level.
If "level" option is used to start sandbox commands, this level is not propagated
to specified  homedir and tmpdir directories. See rhbz #1279006.

Signed-off-by: Miroslav Grepl <mgrepl@redhat.com>
2015-11-20 13:14:10 -05:00
James Carter
50c349df8f Updated policycoreutils ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-19 16:19:33 -05:00
Petr Lautrbach
97d067376a policycoreutils: Require at least one argument for 'semanage permissive -d'
Fixes: python ./semanage permissive -d
Traceback (most recent call last):
  File "./semanage", line 925, in <module>
    do_parser()
  File "./semanage", line 904, in do_parser
    args.func(args)
  File "./semanage", line 708, in handlePermissive
    OBJECT.delete(args.type)
  File "/selinux.git/policycoreutils/semanage/seobject.py", line 479, in delete
    for n in name.split():
AttributeError: 'NoneType' object has no attribute 'split'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-19 16:17:59 -05:00
Petr Lautrbach
8922ff887f policycoreutils: improve sepolicy command line interface
Previously, when sepolicy was run without any argument, the usage message
with the error "too few arguments" was shown. Using Python 3 it threw a traceback.
This patch unifies behavior on Py2 and Py3 so that sepolicy shows the help
message in this case.

Fixes:
Traceback (most recent call last):
  File "/usr/bin/sepolicy", line 647, in <module>
    args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-19 16:17:51 -05:00
James Carter
b6e70257bd Updated sepolgen ChangeLog
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-19 16:17:05 -05:00
Petr Lautrbach
5f2aca2418 sepolgen: Use key function in sort()
In Py3.0, the cmp parameter in sort() function was removed and key keyword is
available since Py2.4.

Fixes: # cat avc.log | audit2allow -R
Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 363, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 351, in main
    self.__output()
  File "/usr/bin/audit2allow", line 308, in __output
    g.set_gen_refpol(ifs, perm_maps)
  File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 101, in set_gen_refpol
    self.ifgen = InterfaceGenerator(if_set, perm_maps)
  File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 353, in __init__
    self.hack_check_ifs(ifs)
  File "/usr/lib64/python3.4/site-packages/sepolgen/policygen.py", line 365, in hack_check_ifs
    params.sort(param_comp)
TypeError: must use keyword argument for key function

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-11-13 10:32:07 -05:00
James Carter
80f5957a84 Updated libsepol ChangeLog
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-13 10:14:37 -05:00
Yuli Khodorkovskiy
71dd7b7133 secilc: Add support for unordered classes
Resolves https://github.com/SELinuxProject/cil/issues/3

An 'unordered' keyword provides the ability to append classes to the current
list of ordered classes. This allows users to not need knowledge of existing
classes when creating a class and fixes dependencies on classes when removing a
module. This enables userspace object managers with custom objects to be
modularized.

If a class is declared in both an unordered and ordered statement, then the
ordered statement will supercede the unordered declaration.

Example usage:

    ; Appends new_class to the existing list of classes
    (class new_class ())
    (classorder (unordered new_class))

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-11-10 13:26:52 -05:00
Stephen Smalley
8dc4c05b79 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-28 08:58:17 -04:00
William Roberts
90c2d42e03 libselinux: label_file: fix memory leaks and uninitialized jump
Some error's were reported by valgrind (below) fix them. The test
cases on which these leaks were detected:

1. properly formed file_contexts file.
2. malformed file_contexts file, unknown type.
3. malformed file_contexts file, type that fails on validate callback.
4. malformed file_contexts file, invalid regex.
5. malformed file_contexts file, invalid mode.

==3819== Conditional jump or move depends on uninitialised value(s)
==3819==    at 0x12A682: closef (label_file.c:577)
==3819==    by 0x12A196: selabel_close (label.c:163)
==3819==    by 0x10A2FD: cleanup (checkfc.c:218)
==3819==    by 0x5089258: __run_exit_handlers (exit.c:82)
==3819==    by 0x50892A4: exit (exit.c:104)
==3819==    by 0x10A231: main (checkfc.c:361)
==3819==  Uninitialised value was created by a heap allocation
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x4C2CF1F: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x12BB31: process_file (label_file.h:273)
==3819==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==
==3819==
==3819== HEAP SUMMARY:
==3819==     in use at exit: 729 bytes in 19 blocks
==3819==   total heap usage: 21,126 allocs, 21,107 frees, 923,854 bytes allocated
==3819==
==3819== 81 bytes in 1 blocks are definitely lost in loss record 1 of 2
==3819==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==3819==    by 0x50D5839: strdup (strdup.c:42)
==3819==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==3819==    by 0x12A0BB: selabel_open (label.c:88)
==3819==    by 0x10A038: main (checkfc.c:292)
==3819==

==4238== 40 bytes in 1 blocks are definitely lost in loss record 1 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12A1D2: selabel_file_init (label_file.c:886)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 81 bytes in 1 blocks are definitely lost in loss record 2 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5839: strdup (strdup.c:42)
==4238==    by 0x12A2A6: selabel_file_init (label_file.c:517)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 386 bytes in 24 blocks are definitely lost in loss record 3 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x50D5889: strndup (strndup.c:45)
==4238==    by 0x12CDDF: read_spec_entries (label_support.c:37)
==4238==    by 0x12B72D: process_file (label_file.h:392)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 648 bytes in 18 blocks are definitely lost in loss record 4 of 6
==4238==    at 0x4C2CC70: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x117C9B: avtab_insert_node (avtab.c:105)
==4238==    by 0x117C10: avtab_insert (avtab.c:163)
==4238==    by 0x11880A: avtab_read_item (avtab.c:566)
==4238==    by 0x118BD3: avtab_read (avtab.c:600)
==4238==    by 0x125BDD: policydb_read (policydb.c:3854)
==4238==    by 0x109F87: main (checkfc.c:273)
==4238==
==4238== 1,095 bytes in 12 blocks are definitely lost in loss record 5 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x12D8D1: pcre_compile2 (pcre_compile.c:9217)
==4238==    by 0x12B239: compile_regex (label_file.h:357)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)
==4238==
==4238== 1,296 bytes in 12 blocks are definitely lost in loss record 6 of 6
==4238==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==4238==    by 0x13EBE5: pcre_study (pcre_study.c:1565)
==4238==    by 0x12B25D: compile_regex (label_file.h:366)
==4238==    by 0x12B9C7: process_file (label_file.h:429)
==4238==    by 0x12A2BA: selabel_file_init (label_file.c:522)
==4238==    by 0x12A0BB: selabel_open (label.c:88)
==4238==    by 0x10A038: main (checkfc.c:292)

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2015-10-28 08:57:31 -04:00
Stephen Smalley
33fb501474 Update libsemanage ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-28 08:55:16 -04:00
Laurent Bigonville
d92388a8b0 Load libsepol.so.1 instead of libsepol.so
libsepol.so symlink is usually part of the development package, try to
load the library directly instead.
2015-10-28 08:54:27 -04:00
Stephen Smalley
a0e52def36 Update sepolgen ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-27 13:30:03 -04:00
Nicolas Iooss
90cff8243e sepolgen: Reset line numbers when parsing files
When running sepolgen-ifgen on refpolicy (git master branch), the
following messages show up:

    /usr/share/selinux/refpolicy/include/kernel/selinux.if: Syntax error
    on line 3369 gen_context [type=GEN_CONTEXT]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 188379 ' [type=SQUOTE]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 188385 ' [type=SQUOTE]

The line numbers are incorrect because the lineno member of the lexer
object is not resetted after each file has been processed.  After fixing
this, the messages are nicer:

    /usr/share/selinux/refpolicy/include/kernel/selinux.if: Syntax error
    on line 43 gen_context [type=GEN_CONTEXT]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 1416 ' [type=SQUOTE]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on
    line 1422 ' [type=SQUOTE]

As line 43 of kernel/selinux.if contains a genfscon statement with a
gen_context component, the reported line numbers are now correct.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2015-10-27 13:28:18 -04:00
Stephen Smalley
4de2259a0e Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-22 12:09:08 -04:00
Richard Haines
c1db824828 libselinux: Replace selabel_digest hash function
This replaces the openssl library with SHA1 hash functions
extracted from [1] as this is a public domain implementation.

util/selabel_digest -v option still compares the result with
the openssl command "openssl dgst -sha1 -hex .." for validation.

[1] https://github.com/WaterJuice/CryptLib

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-22 11:55:02 -04:00
Stephen Smalley
bc9bc13c5d Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-15 12:15:05 -04:00
Richard Haines
e0456053d0 libselinux: Fix selabel_open(3) services if no digest requested
If selabel_open is called with no request for a digest it will fail
with ENOENT. This fixes all the labeling routines to resolve this
problem. The utils/selabel_digest example has also been updated
to allow calling selabel_open with and without digest requests to
aid testing.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-15 12:13:42 -04:00
Stephen Smalley
4d0a9868e1 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-13 17:14:48 -04:00
Richard Haines
e40bbea95f libselinux: Add selabel_digest function
selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during
selabel_open(3) will return an SHA1 digest of the spec files, plus
a list of the specfiles used to calculate the digest. There is a
test utility supplied that will demonstrate the functionality.

The use case for selabel_digest(3) is to implement an selinux_restorecon
function based on the Android version that writes a hash of the
file_contexts files to an extended attribute to enhance performance
(see external/libselinux/src/android.c selinux_android_restorecon()).

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-10-13 17:13:24 -04:00
Stephen Smalley
c9c1f27370 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-13 16:32:29 -04:00
Jason Zaman
985935c318 libselinux: Fix parallel build with swig python
Commit 966855d9a1 added selinux.py as a requirement for pywrap.
This file is generated during the swig step but there is no explicit
rule in the Makefile so parallel build fails. This adds another rule
so the ordering is correct.

jason@meriadoc ~/code/gentoo/selinux/libselinux $ make -j3 pywrap
.... SNIP ....
sed -e 's/@VERSION@/2.4/; s:@prefix@:/usr:; s:@libdir@:lib:; s:@includedir@:/usr/include:' < libselinux.pc.in > libselinux.pc
bash exception.sh > selinuxswig_python_exception.i
make[1]: *** No rule to make target 'selinux.py', needed by 'pywrap'.  Stop.
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory '/home/jason/code/gentoo/selinux/libselinux/src'
Makefile:36: recipe for target 'pywrap' failed
make: *** [pywrap] Error 2

Signed-off-by: Jason Zaman <jason@perfinion.com>
2015-10-13 16:31:56 -04:00
Sven Vermeulen
8243069211 Open stdin as read/write
As per the discussion on the selinux development mailinglist, the tmux
application expects the stdin to be writeable. Although perhaps not the most
proper way, having newrole opening the descriptor in read/write keeps the
behaviour in line with what applications expect.

See also http://marc.info/?l=selinux&m=136518126930710&w=2

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2015-10-01 15:49:00 -04:00
Stephen Smalley
92eec06ca6 policycoreutils/newrole: Set keepcaps around setresuid calls.
Set the "keep capabilities" flag around the setresuid() calls in
drop_capabilities() so that we do not simultaneously drop all
capabilities (when newrole is setuid).

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-10-01 15:47:08 -04:00
Dan Walsh
572f899267 Fix newrole to not drop capabilities from the bounding set.
Stop dropping capabilities from its children.
Add better error messages.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2015-10-01 15:44:11 -04:00
Stephen Smalley
5aeb4c350b Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-23 11:12:25 -04:00
Stephen Smalley
b408d72ca9 libselinux: flush the class/perm string mapping cache on policy reload
This improves the robustness of programs using selinux_check_access()
in the face of policy updates that alter the values of the class or
permissions that they are checking.  Otherwise, a policy update can
trigger false permission denials, as in
https://bugzilla.redhat.com/show_bug.cgi?id=1264051

Changes to the userspace class/permission definitions should still be
handled with care, as not all userspace object managers have been converted
to use selinux_check_access() and even those that do use it are still not
entirely safe against an interleaving of a policy reload and a call to
selinux_check_access().  The change does however address the issue in
the above bug and avoids the need to restart systemd.

This change restores the flush_class_cache() function that was removed in
commit 435fae64a9 ("libselinux: Remove unused flush_class_cache method")
because it had no users at the time, but makes it hidden to avoid exposing
it as part of the libselinux ABI.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 12:16:44 -04:00
Stephen Smalley
c56c2a3b2d Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 10:56:18 -04:00
Nir Soffer
f2e38b609c libselinux: Fix restorecon when path has no context
When a path has no context, for example, when the file was created when
selinux was disabled, selinux.restorecon(path) will fail:

    >>> selinux.restorecon('/etc/multipath.conf.new')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib64/python2.7/site-packages/selinux/__init__.py", line 88,
      in restorecon
        status, oldcontext = lgetfilecon(path)
    OSError: [Errno 61] No data available

This failure does not seems to be useful, as we can successfully match
the context for this path using selinux.matchpathcon(), and set it
successfully using selinux.chcon(). The failure is caused by trying to
avoid the lsetfilecon() call if the current context is does not need
update.

This patch handles this specific error from lgetfilecon(), preventing
this failure.

Signed-off-by: Nir Soffer <nsoffer@redhat.com>
2015-09-22 10:55:57 -04:00
Stephen Smalley
59550c077c Updated libsepol and checkpolicy ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 10:54:10 -04:00
Jeff Vander Stoep
99fc177b5a Add neverallow support for ioctl extended permissions
Neverallow rules for ioctl extended permissions will pass in two
cases:
1. If extended permissions exist for the source-target-class set
   the test will pass if the neverallow values are excluded.
2. If extended permissions do not exist for the source-target-class
   set the test will pass if the ioctl permission is not granted.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by:  Nick Kralevich <nnk@google.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 10:52:47 -04:00
James Carter
fe2ff88058 Updated libsepol ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-15 12:50:22 -04:00
Steve Lawrence
551d834c39 libsepol/cil: improve recursion detection
Add support for detecting recursive blockinherits, and print a trace of
the detected loop. Output will look something like this upon detection:

  Recursive blockinherit found:
    test.cil:42: block a
    test.cil:43: blockinherit b
    test.cil:36: block b
    test.cil:37: blockinherit c
    test.cil:39: block c
    test.cil:40: blockinherit a

Additionally, improve support for detecting recursive macros/calls. Due
to the way calls are copied, the existing code only detected recursion
with call depth of three or more. Smaller depths, like

  (macro m ()
    (call m))

were not detected and caused a segfault. The callstack that was used for
this was not sufficient, so that is removed and replaced with a method
similar to the block recursion detection. A similar trace is also
displayed for recursive macros/calls.

Also, cleanup sidorder, classorder, catorder, sensorder, and in lists at
the end of resolve, fixing a potential memory leak if errors occur
during resolve.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-15 12:40:09 -04:00
Stephen Smalley
3302de4625 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-09-15 10:36:12 -04:00
Richard Haines
c2cb37580a libselinux: Free memory when processing media and x specfiles
Ensure all memory is freed - checked using valgrind

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-09-15 10:35:11 -04:00
Richard Haines
5d19497b5c libselinux: Fix mmap memory release for file labeling
Ensure the mmap start address and length are not modified so the memory
used can be released when selabel_close(3) is called.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-09-15 10:30:37 -04:00
James Carter
1e50aefea5 Updated libsepol ChangeLog.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-11 11:08:38 -04:00
Yuli Khodorkovskiy
2ee9377b6b libsepol/cil: Fix uninitialized false positive in cil_binary
On older versions of gcc, an error is incorrectly given about
uninitialized variables. This will initialize the culprits.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-11 11:02:53 -04:00
Yuli Khodorkovskiy
de4c95f9c8 libsepol/cil: Provide error if classperms are empty
Fixes https://github.com/SELinuxProject/cil/issues/7.

This fixes a bug where cil_verify_classperms was executed on NULL
classperms lists. A check is now performed when verifying
classpermissions and classmap to ensure the classperms lists are not
empty.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-11 11:02:37 -04:00
Yuli Khodorkovskiy
77779d2ca5 libsepol/cil: Add userattribute{set} functionality
This adds a userattribute statement that may be used in userroles and
constraints. The syntax is the same as typeattributset.

Also, disallow roleattributes where roles are accepted in contexts.

Specify a userattribute

    (userattribute foo)

Add users to the set foo

    (userattributeset foo (u1 u2))

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-09-11 09:07:46 -04:00