Commit Graph

1925 Commits

Author SHA1 Message Date
Nicolas Iooss
fb237459c8 libsepol: detect duplicated symbol IDs
A valid policy would not have two symbols (classes, roles, users...)
sharing the same unique identifier. Make policydb_read() rejects such
policy files.

When ..._val_to_name translation tables were allocated with malloc(),
change to calloc() in order to initialize the tables with NULLs.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-29 08:43:41 -05:00
Nicolas Iooss
9872b04a80 libsepol: check decl_id bounds before using it
When loading an invalid module which uses a declaration ID 0,
semodule_package crashes in policydb_index_decls():

    p->decl_val_to_struct[decl->decl_id - 1] = decl;

gdb shows the following stack trace:

    #0  0x00007ffff7aa1bbd in policydb_index_decls (p=p@entry=0x605360)
    at policydb.c:1034
    #1  0x00007ffff7aaa9fc in policydb_read (p=<optimized out>,
    fp=fp@entry=0x605090, verbose=verbose@entry=0) at policydb.c:3958
    #2  0x00007ffff7ab4764 in sepol_policydb_read (p=<optimized out>,
    pf=pf@entry=0x605090) at policydb_public.c:174
    #3  0x0000000000401d33 in main (argc=<optimized out>,
    argv=0x7fffffffdc88) at semodule_package.c:220

Change policydb_index_decls() to report an error instead:

    libsepol.policydb_index_decls: invalid decl ID 0

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-29 08:41:23 -05:00
Stephen Smalley
8fdb225521 libsepol,checkpolicy: convert rangetrans and filenametrans to hashtabs
range transition and name-based type transition rules were originally
simple unordered lists.  They were converted to hashtabs in the kernel
by commit 2f3e82d694d3d7a2db019db1bb63385fbc1066f3 ("selinux: convert range
transition list to a hashtab") and by commit
2463c26d50adc282d19317013ba0ff473823ca47 ("SELinux: put name based
create rules in a hashtable"), but left unchanged in libsepol and
checkpolicy. Convert libsepol and checkpolicy to use the same hashtabs
as the kernel for the range transitions and name-based type transitions.

With this change and the preceding one, it is possible to directly compare
a policy file generated by libsepol/checkpolicy and the kernel-generated
/sys/fs/selinux/policy pseudo file after normalizing them both through
checkpolicy.  To do so, you can run the following sequence of commands:

checkpolicy -M -b /etc/selinux/targeted/policy/policy.30 -o policy.1
checkpolicy -M -b /sys/fs/selinux/policy -o policy.2
cmp policy.1 policy.2

Normalizing the two files via checkpolicy is still necessary to ensure
consistent ordering of the avtab entries.  There may still be potential
for other areas of difference, e.g. xperms entries may lack a well-defined
order.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-28 13:10:59 -05:00
Stephen Smalley
2e47b69c53 libsepol: do not write object_r types to policy file
Originally object_r's types bitmap was empty since we exempt
object_r from the normal user-role and role-type checks.  CIL
however sets object_r's types to all types to avoid special case
logic.  However, the kernel does not load object_r types from the
policy file; it predefines object_r and merely validates that the
object_r definition in the policy has the expected value.  Thus,
the actual policy file and the /sys/fs/selinux/policy file were
differing in their object_r entry.  Fix this by not writing object_r's
types to the policy file, since they are ignored by the kernel
anyway.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-28 09:44:30 -05:00
stephensmalley
6f32d87a2a Merge pull request #35 from cgzones/semanage_fcontext_description
fix semanage fcontext help message
2016-11-28 09:39:10 -05:00
Nick Kralevich
044f6ef104 procattr.c: Use __ANDROID__ instead of ANDROID
When code is compiled within the Android tree, the resulting binaries
are intended to run either on the "host" (the machine doing the
building) or the "target" (the machine running the Android operating
system).

"ANDROID" is defined if the code is being compiled for the host or the
target, whereas "__ANDROID__" is only defined for code being compiled for
the target. (yes, I agree, this is not obvious).

gettid() is only declared in the target environment, not the host
environment, so adjust the #ifdef to properly emit the gettid()
definition for binaries targeting the host.

Signed-off-by: Nick Kralevich <nnk@google.com>
2016-11-28 09:32:21 -05:00
Nick Kralevich
bb96e1305d enabled.c: Remove stdio_ext.h header
This appears to be unused.

Signed-off-by: Nick Kralevich <nnk@google.com>
2016-11-28 09:29:41 -05:00
Nicolas Iooss
75b14a5de1 libsepol: ebitmap: reject loading bitmaps with incorrect high bit
Currently ebitmap_load() accepts loading a bitmap with highbit=192 and
one node {startbit=0, map=0x2}. When iterating over the bitmap,
ebitmap_for_each_bit() is expected to only yield "1" but it gives the
following bits: 1, 65, 129.

This is due to two facts in ebitmap_for_each_bit() implementation:
* ebitmap_next() stays on the first (and only) node of the bitmap
  instead of stopping the iteration.
* the end condition of the for loop consists in comparing the bit with
  ebitmap_length() (ie. the bitmap highbit), which is above the limit of
  the last node here.

These are not bugs when the bitmap highbit is equals to
l->startbit+MAPSIZE, where l is the last node (this is how
ebitmap_set_bit() sets it). So a simple fix consists in making
ebitmap_load() reject bitmaps which are loaded with an invalid highbit
value.

This issue has been found while fuzzing semodule_package with the
American Fuzzy Lop.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-28 09:06:50 -05:00
Nicolas Iooss
73313a7528 libsepol: do not check decl->symtab[i].nprim
Commit 02a7d77ef2 ("libsepol: make parsing symbol table headers more
robust") broke refpolicy build, because checkmodule generates avrule
decl blocks with "decl->symtab[i].nprim = 0" for all possible i, even
when decl->symtab[SYM_ROLES] and decl->symtab[SYM_TYPES] are not
empty.

More precisely, decl->symtab[i].nprim seems to be only updated in
libsepol/src/link.c (in *_copy_callback() functions).

Revert the buggy part of commit 02a7d77ef2 to fix this regression.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-28 09:04:44 -05:00
Nicolas Iooss
86bad3dbf9 libsepol: do not modify p->p_roles.nprim in role_set_expand
There is no reason to modify the number of roles defined in a policy
when no role is being inserted.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-28 09:04:19 -05:00
cgzones
1e605e9905 fix semanage fcontext help message
the ftype options were incorrect
2016-11-24 20:01:26 +01:00
Nicolas Iooss
2907caa33c libsepol: fix unknown magic section number error message
When running hll/pp on some invalid policy module, it can output:

    libsepol.sepol_module_package_read: unknown magic number at section
    1, offset: 251, number: 0x

The last number looks funny and was caused by using "%ux". "u" is not a
prefix like "l", "h", "z"... and "%x" already expects an unsigned
integer (cf. http://man7.org/linux/man-pages/man3/printf.3.html).

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-23 12:31:55 -05:00
Nicolas Iooss
d10725649e libsepol: make scope_index_destroy() more robust
When scope_index_read() fails while attempting to allocate memory for
scope_index->class_perms_map, scope_index_destroy() gets called with
scope->class_perms_len != 0 and scope->class_perms_map == NULL. This
triggers the following segmentation fault (in semodule_package):

    Program received signal SIGSEGV, Segmentation fault.
    ebitmap_destroy (e=0x10) at ebitmap.c:362
    362     n = e->node;
    => 0x00007ffff79ff7f6 <ebitmap_destroy+134>:    48 8b 3f    mov
    (%rdi),%rdi

    (gdb) bt
    #0  ebitmap_destroy (e=0x10) at ebitmap.c:362
    #1  0x00007ffff79e2c37 in scope_index_destroy (scope=0x608860) at
    avrule_block.c:87
    #2  avrule_decl_destroy (x=0x608830) at avrule_block.c:103
    #3  0x00007ffff7aae99c in avrule_block_read (fp=0x605090,
    num_scope_syms=8, block=0x6054e8, p=0x605360) at policydb.c:3598
    #4  policydb_read (p=0x605360, fp=fp@entry=0x605090,
    verbose=verbose@entry=0) at policydb.c:3946
    #5  0x00007ffff7ab4ab4 in sepol_policydb_read (p=<optimized out>,
    pf=pf@entry=0x605090) at policydb_public.c:174
    #6  0x0000000000401d33 in main (argc=<optimized out>,
    argv=0x7fffffffdc88) at semodule_package.c:220

    (gdb) f 1

    (gdb) p *scope
    $1 = {scope = {{node = 0x0, highbit = 0}, {node = 0x0, highbit = 0},
    {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0,
    highbit = 0}, {node = 0x0, highbit = 0}, {node = 0x0, highbit = 0},
    {node = 0x0, highbit = 0}}, class_perms_map = 0x0, class_perms_len =
    4294934272}

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-23 12:31:55 -05:00
Nicolas Iooss
8d31f8053c libsepol: do not crash when block->branch_list is NULL
When fuzzing hll/pp, the fuzzer created a policy module with a block
which has no declaration. With block->branch_list = NULL,
typealias_list_create() triggered a NULL pointer dereference when
computing max_decl_id.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-23 12:31:55 -05:00
Nicolas Iooss
6675e12cc1 libsepol: do not crash when a symbol does not exist
When hll/pp reads an invalid policy module where some scopes use
required symbols which are not defined, the program crashes with a
segmentation fault in required_scopes_to_cil():

    Program received signal SIGSEGV, Segmentation fault.
    required_scopes_to_cil (decl_stack=0x6040b0, block=0x607780,
    pdb=0x6042e0, indent=0) at module_to_cil.c:3479
    3479                for (j = 0; j < scope_datum->decl_ids_len; j++)
    {
    => 0x00007ffff7a7b1a8 <block_to_cil+5224>:  44 8b 58 10 mov
    0x10(%rax),%r11d

    (gdb) bt
    #0  required_scopes_to_cil (decl_stack=0x6040b0, block=0x607780,
    pdb=0x6042e0, indent=0) at module_to_cil.c:3479
    #1  block_to_cil (pdb=pdb@entry=0x6042e0,
    block=block@entry=0x607780, stack=stack@entry=0x6040b0,
    indent=indent@entry=0) at module_to_cil.c:3622
    #2  0x00007ffff7a85a18 in global_block_to_cil (stack=0x6040b0,
    block=0x607780, pdb=0x6042e0) at module_to_cil.c:3738
    #3  blocks_to_cil (pdb=0x6042e0) at module_to_cil.c:3764
    #4  sepol_module_policydb_to_cil (fp=fp@entry=0x7ffff79d05e0
    <_IO_2_1_stdout_>, pdb=0x6042e0, linked=linked@entry=0) at
    module_to_cil.c:4051
    #5  0x00007ffff7a86b55 in sepol_module_package_to_cil
    (fp=fp@entry=0x7ffff79d05e0 <_IO_2_1_stdout_>, mod_pkg=0x604280) at
    module_to_cil.c:4080
    #6  0x0000000000401acc in main (argc=<optimized out>,
    argv=<optimized out>) at pp.c:150

    (gdb) p scope_datum
    $1 = (struct scope_datum *) 0x0

Detect such errors and exit with an error return value.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-23 12:31:55 -05:00
Nicolas Iooss
52b3b625b6 libsepol: do not call a NULL function in additive_scopes_to_cil()
When hll/pp operates on an invalid policy module which defines blocks
with non-empty decl->symtab[SYM_COMMONS], additive_scopes_to_cil_map()
calls func_to_cil[SYM_COMMONS], which is NULL.

In additive_scopes_to_cil(), filter out NULL elements of func_to_cil
before calling additive_scopes_to_cil_map().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-23 12:31:55 -05:00
Nick Kralevich
8f9057c2ea label_file.h: actually use the results of compat_validate
process_line called compat_validate, but never actually looked at the
return value. When an invalid entry is found, a warning is printed, but
since the upper layers of the code don't see the error, validation
appears to succeed.

Steps to reproduce on Android:

1) Edit system/sepolicy/private/file_contexts and create an entry with
an invalid label.
2) Recompile Android, which executes out/host/linux-x86/bin/checkfc to
check if file_contexts is valid.

Expected: Compile failure.
Actual: Compile succeeds with warnings.

Change-Id: I20fa18c7b11b5ffdd243c3274bedc4518431e1fb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-21 09:24:31 -05:00
Stephen Smalley
49bfee8562 checkpolicy: treat -self as an error
checkpolicy wrongly handles "-self". At the least, it should handle it as
an error. At best, it should support it correctly (which would involve
libsepol support as well). At present, it looks like it will end up
negating (-) the next type/attribute in the list after self, or if
there are no entries after self, ignoring it entirely.

This originally was raised by the Android team, which wanted to support
something like the following:
neverallow domain { domain -self }:dir search;
to prohibit cross domain access to some resource but allow access within
the same domain.

This change just makes it a fatal error during compilation.
Implementing real support for -self is left as future work.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-18 11:09:38 -05:00
Stephen Smalley
a609434b95 libselinux: normalize enforce values from the kernel
Normalize enforce values received from the kernel via
/sys/fs/selinux/enforce or netlink selinux notifications
to ensure that we always return a 0 or 1 to userspace code.
selinux_status_getenforce(), which reads the enforce value
via the SELinux kernel status page (/sys/fs/selinux/status)
already normalizes its result, so we do not need to update it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-18 09:48:25 -05:00
Nicolas Iooss
9140de74cf libselinux, libsemanage: use Python-specific .so extension
The Makefiles currently install the Python wrapper libraries using .so
suffix (_selinux.so, audit2why.so and _semanage.so). Even though this
works well with CPython 2 and 3, PyPy fails to find these files because
it is looking for files with a specific version token in the suffix (eg.
_selinux.pypy-41.so).

This suffix is advertised by the imp module. Here is the result of
'import imp;print([s for s, m, t in imp.get_suffixes() if t ==
imp.C_EXTENSION])' for several Python versions:

    Python 2.7.12: ['.so', 'module.so']
    Python 3.5.2: ['.cpython-35m-x86_64-linux-gnu.so', '.abi3.so', '.so']
    PyPy 5.4.1 (Python 2.7.10): ['.pypy-41.so']
    PyPy3 5.5.0-alpha0 (Python 3.3.5): ['.pypy3-55.so', '.pypy3-55.so']

Define the name of the installed Python-C extension using the first
extension of these lists, in order to make the Python extensions
compatible with pypy.

When building the Python wrappers for PyPy and PyPy3 on Linux, the
following environment variables need to be set (PyPy does not provide a
pkg-config file nor a platform-agnostic way to build the string
"-lpypy-c"):

    PYTHON=pypy (or PYTHON=pypy3)
    PYINC=-I$($PYTHON -c 'import sys;print(sys.prefix)')/include
    PYLIBS=-lpypy-c (or PYLIBS= if LDFLAGS does not have
        -Wl,-no-undefined)

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-18 08:52:38 -05:00
Nicolas Iooss
489dd595d7 libselinux: audit2why: remove unused module_state structure
This structure has been empty since its introduction and makes clang
complain when $(filter-out -Werror, $(CFLAGS)) is removed in the
Makefile target for audit2why.lo:

    audit2why.c:443:1: error: empty struct has size 0 in C, size 1 in
    C++ [-Werror,-Wc++-compat]
      struct module_state {
      ^
      1 error generated.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-18 08:52:32 -05:00
Nicolas Iooss
a441d51011 mcstrans: fix global "make install"
When running "make install" in the root directory of the project, with
variable DESTDIR set and while being on a system without SELinux, the
compiler complains while building:

    fatal error: selinux/selinux.h: No such file or directory

Other subdirectories add -I$(PREFIX)/include to CFLAGS and -L$(LIBDIR)
to the linking command line, in order to find libselinux headers and .so
file. Do this too in mcstrans.

While at it, mcstrans Makefile uses -I../include but this directory does
not exist. Remove this option.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-17 16:49:24 -05:00
Nicolas Iooss
945bc8853b sandbox: make test not fail on systems without SELinux
On systems without SELinux (eg. some continuous integration
environments), "make test" fails with:

    Traceback (most recent call last):
      File "test_sandbox.py", line 110, in <module>
        if selinux.security_getenforce() == 1:
    FileNotFoundError: [Errno 2] No such file or directory

This is exception is thrown because the selinuxfs file system is not
mounted.

Detect such configurations using selinux.is_selinux_enabled() and skip
the test when SELinux is disabled accordingly.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-17 16:44:57 -05:00
William Roberts
4129eb499d expand_terule_helper: cleanups
1. Use the new helper to convert from AVRULE to AVTAB values.
2. Only check once for invalid AVRULE specified parameter.
3. Drop assert and just return error on invalid specification.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-17 16:41:45 -05:00
William Roberts
dcd473d5ae expand_avrule_helper: cleanup
General clean up for expand_avrule_helper:
1. Minimize the conversions of AVRULE specification to AVTAB specification,
   they are almost the same, the one exception is AVRULE_DONTAUDIT.
2. Clean up the if/else logic, collapse with a switch.
3. Move xperms allocation and manipulation to its own helper.
4. Only write avkey for values that change.
5. Return error rather than assert on invalid specification.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-17 16:41:45 -05:00
William Roberts
af9f477fb9 policydb.h: use AVTAB macros to avoid duplications
Rather than having multiple copies of the AVTAB and AVRULE
defines, consolidate them.

This makes it clear that AVRULE to AVTAB conversion no longer
need to occur.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-17 16:41:45 -05:00
Stephen Smalley
07ba7c6853 mcstrans: Fix signed/unsigned warnings
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 14:54:28 -05:00
Stephen Smalley
7935dee8f6 Drop ChangeLog files
They can be generated as desired via git log.
No need to keep maintaining them by hand.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 12:10:58 -05:00
Jason Zaman
c094ca9662 restorecond: Add gitignore
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-11-16 11:20:05 -05:00
Jason Zaman
62cb9fc165 mcstrans: Add utils gitignore
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-11-16 11:20:05 -05:00
Jason Zaman
9123b38cae Add stub make test targets to new subdirs
Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-11-16 11:20:05 -05:00
Jason Zaman
089000ad1c mcstrans: take LIBDIR from args, dont guess
All the other makefiles just have LIBDIR optionally set so it can be
overridden. These makefiles were autodetecting incorrectly. uname -i
returns "GenuineIntel" so should have been uname -m.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-11-16 11:20:05 -05:00
Jason Zaman
30cbe52c5b mcstrans: Fix Werror=shadow errors
gcc -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror -I../include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -fPIE -c -o mcstrans.o mcstrans.c
mcstrans.c: In function ‘violates_constraints’:
mcstrans.c:551:14: error: declaration of ‘common’ shadows a previous local [-Werror=shadow]
    ebitmap_t common;
              ^
mcstrans.c:545:13: error: shadowed declaration is here [-Werror=shadow]
   ebitmap_t common;
             ^
mcstrans.c: In function ‘build_regexps’:
mcstrans.c:1048:7: error: declaration of ‘i’ shadows a previous local [-Werror=shadow]
   int i=0;
       ^
mcstrans.c:993:15: error: shadowed declaration is here [-Werror=shadow]
  size_t n_el, i;
               ^
mcstrans.c: In function ‘compute_raw_from_trans’:
mcstrans.c:1166:9: error: declaration of ‘rc’ shadows a previous local [-Werror=shadow]
     int rc = pcre_exec(g->prefix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT);
         ^
mcstrans.c:1123:6: error: shadowed declaration is here [-Werror=shadow]
  int rc = pcre_exec(domain->base_classification_regexp, 0, work, work_len, 0, PCRE_ANCHORED, ovector, OVECCOUNT);
      ^
mcstrans.c:1174:9: error: declaration of ‘rc’ shadows a previous local [-Werror=shadow]
     int rc = pcre_exec(g->suffix_regexp, 0, work, work_len, 0, 0, ovector, OVECCOUNT);
         ^
mcstrans.c:1123:6: error: shadowed declaration is here [-Werror=shadow]
  int rc = pcre_exec(domain->base_classification_regexp, 0, work, work_len, 0, PCRE_ANCHORED, ovector, OVECCOUNT);
      ^
mcstrans.c:1189:9: error: declaration of ‘rc’ shadows a previous local [-Werror=shadow]
     int rc = pcre_exec(g->word_regexp, 0, s, l, 0, 0, ovector, OVECCOUNT);
         ^
mcstrans.c:1123:6: error: shadowed declaration is here [-Werror=shadow]
  int rc = pcre_exec(domain->base_classification_regexp, 0, work, work_len, 0, PCRE_ANCHORED, ovector, OVECCOUNT);
      ^
mcstrans.c: In function ‘compute_trans_from_raw’:
mcstrans.c:1328:14: error: declaration of ‘unhandled’ shadows a previous local [-Werror=shadow]
    ebitmap_t unhandled, orig_unhandled;
              ^
mcstrans.c:1291:49: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
                                                 ^
mcstrans.c:1328:25: error: declaration of ‘orig_unhandled’ shadows a previous local [-Werror=shadow]
    ebitmap_t unhandled, orig_unhandled;
                         ^
mcstrans.c:1291:60: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
                                                            ^
mcstrans.c:1360:15: error: declaration of ‘handled’ shadows a previous local [-Werror=shadow]
     ebitmap_t handled, nothandled;
               ^
mcstrans.c:1291:28: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
                            ^
mcstrans.c:1360:24: error: declaration of ‘nothandled’ shadows a previous local [-Werror=shadow]
     ebitmap_t handled, nothandled;
                        ^
mcstrans.c:1291:37: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
                                     ^
mcstrans.c:1377:17: error: declaration of ‘temp’ shadows a previous local [-Werror=shadow]
       ebitmap_t temp;
                 ^
mcstrans.c:1291:22: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
                      ^
mcstrans.c:1378:17: error: declaration of ‘bit_diff’ shadows a previous local [-Werror=shadow]
       ebitmap_t bit_diff;
                 ^
mcstrans.c:1291:12: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
            ^
mcstrans.c:1403:16: error: declaration of ‘bit_diff’ shadows a previous local [-Werror=shadow]
      ebitmap_t bit_diff;
                ^
mcstrans.c:1291:12: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
            ^
mcstrans.c:1407:16: error: declaration of ‘temp’ shadows a previous local [-Werror=shadow]
      ebitmap_t temp;
                ^
mcstrans.c:1291:22: error: shadowed declaration is here [-Werror=shadow]
  ebitmap_t bit_diff, temp, handled, nothandled, unhandled, orig_unhandled;
                      ^
mcstrans.c:1434:19: error: declaration of ‘g’ shadows a previous local [-Werror=shadow]
     word_group_t *g;
                   ^
mcstrans.c:1335:18: error: shadowed declaration is here [-Werror=shadow]
    word_group_t *g;
                  ^
cc1: all warnings being treated as errors
Makefile:35: recipe for target 'mcstrans.o' failed
make[2]: *** [mcstrans.o] Error 1

Signed-off-by: Jason Zaman <jason@perfinion.com>
2016-11-16 11:20:05 -05:00
Stephen Smalley
618a64aea3 semodule-utils: Drop -lselinux from Makefiles.
These programs do not depend on libselinux.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
25c167a6ea Add COPYING files for new subdirs.
Copied from policycoreutils/COPYING, from which these originated.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
f0e61d336f Fix release script
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
4480129412 restorecond: break source dependency on policycoreutils/setfiles
Now that restorecond is separated from policycoreutils, we should not
retain a build dependency on the policycoreutils/setfiles source files.
Fork the restore.[ch] files for restorecond.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
65f5868c23 Move policycoreutils/semodule_package to semodule-utils.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
6bd0b55380 Add VERSION files for new components
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
f0cc95435f Fix release script for packages that need prefixes.
We need prefixes for dbus, gui, python at least, and
we'll include sandbox too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
1c8505dac2 Update release script for the new structure.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
6e4bb702af mcstrans: fix clang warnings
Fix the following warnings from clang.

mcstrans.c:1309:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
        if (violates_constraints(l)) {
            ^~~~~~~~~~~~~~~~~~~~~~~
mcstrans.c:1491:9: note: uninitialized use occurs here
        while (groups)
               ^~~~~~
mcstrans.c:1309:2: note: remove the 'if' if its condition is always false
        if (violates_constraints(l)) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mcstrans.c:1303:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
        if (!l)
            ^~
mcstrans.c:1491:9: note: uninitialized use occurs here
        while (groups)
               ^~~~~~
mcstrans.c:1303:2: note: remove the 'if' if its condition is always false
        if (!l)
        ^~~~~~~
mcstrans.c:1299:6: warning: variable 'groups' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized]
        if (!level)
            ^~~~~~
mcstrans.c:1491:9: note: uninitialized use occurs here
        while (groups)
               ^~~~~~
mcstrans.c:1299:2: note: remove the 'if' if its condition is always false
        if (!level)
        ^~~~~~~~~~~
mcstrans.c:1316:2: note: variable 'groups' is declared here
        word_group_t *groups = NULL;
        ^
3 warnings generated.
mcscolor.c:334:24: warning: size argument in 'strncat' call appears to be size of the source [-Wstrncat-size]
                strncat(result, buf, sizeof(buf));

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
b97d959a6a Move policycoreutils/sepolgen-ifgen into python/audit2allow.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
50be5fcca4 Move sepolicy desktop and png files to gui.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
eeba5952df mcstrans: Add a relabel target.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
233fe333f8 mcstrans: Add .gitignore file
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
fe74095490 Build mcstrans.
We should build it by default or else it will bitrot.
But you can still omit it by overriding OPT_SUBDIRS.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
3dcdc46378 Make it easy to omit optional components.
Split optional components into their own overridable OPT_SUBDIRS
definition.  Then you can build without them via make OPT_SUBDIRS=
or specify a subset of them in that manner.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
c9c97d6e8b Move policycoreutils/semodule_{deps,expand,link} to semodule-utils.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
48dc232627 Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00