Commit Graph

611 Commits

Author SHA1 Message Date
Richard Haines
c2cb37580a libselinux: Free memory when processing media and x specfiles
Ensure all memory is freed - checked using valgrind

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-09-15 10:35:11 -04:00
Richard Haines
5d19497b5c libselinux: Fix mmap memory release for file labeling
Ensure the mmap start address and length are not modified so the memory
used can be released when selabel_close(3) is called.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-09-15 10:30:37 -04:00
Stephen Smalley
cb0030ff5b Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-25 15:05:05 -04:00
Wenzong Fan
966855d9a1 libselinux: get pywrap depends on selinux.py
The selinux.py is generated at compile-time and will be installed as
python module "selinux/__init__.py", just make sure that it has been
generated completely while starting "make install-pywrap".

This fixes below errors that caused by an empty "selinux/__init__.py":

  $ /usr/sbin/semanage -h

  Traceback (most recent call last):
  File "/usr/sbin/semanage", line 30, in <module>
    import seobject
  File "/usr/lib64/python2.7/site-packages/seobject.py", line 27, in <module>
    import sepolicy
  File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 226, in <module>
    def get_file_equiv_modified(fc_path = selinux.selinux_file_context_path()):
  AttributeError: 'module' object has no attribute 'selinux_file_context_path'

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
2015-08-25 15:04:22 -04:00
Stephen Smalley
15d5b8d0fa Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-25 14:53:48 -04:00
Richard Haines
50640d313d libselinux: Add policy context validation to sefcontext_compile
Add -p option that will take a binary policy file to validate
context entries in the text file_contexts file.

Should validation fail the binary file will not be written.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-08-25 14:49:13 -04:00
Stephen Smalley
b6c0a35dc4 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-07 12:15:07 -04:00
Stephen Smalley
8a9d25a8e9 libselinux: do not treat an empty file_contexts(.local) as an error
file_contexts can be legitimately empty, particularly when dealing with
a file_contexts.local file.  The change to test for file_contexts.bin
format by magic number was treating an EOF condition as a fatal error,
thereby causing an error on empty file_contexts.local files.  Only
treat it as an error if there was truly an error on the read, as
checked via ferror().  Otherwise, clear the error and EOF indicators
so that they do not persist when we rewind the file and try to read
it as text.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-07 10:02:35 -04:00
Stephen Smalley
3e46f3199e Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 14:58:08 -04:00
Stephen Smalley
a32da77251 libselinux: fail hard on invalid property_contexts entries
Fail hard on any error during property_contexts (or service_contexts)
processing.  We want to catch any such errors early and not proceed
with a potentially mislabeled system.

Also remove some obsoleted tests for NULL; they were necessary
in earlier versions of the code where we were copying the strings
at this point, but no longer.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 14:55:02 -04:00
Stephen Smalley
8713313a51 libselinux: fail hard on invalid file_contexts entries
Fail hard on any error during file_contexts processing.
We want to catch any such errors early and not proceed
with a potentially mislabeled system.  This was the original
logic but was loosened long ago to more gracefully handle
user error in Linux distributions (a single typo could lead
to not being able to label anything, even if the relevant
entry for the files in question was correct).  However,
in Android, file_contexts is not modified at runtime and
we want to fully validate it at build, so we want to fail
hard in these cases, and in modern Linux, file_contexts is
modified using tools (semanage, semodule) and a library
(libsemanage) that should already be fully validating values
before adding entries, and that trigger a setfiles -c validation
(equivalent to Android checkfc) before committing the transaction.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 14:51:36 -04:00
Stephen Smalley
49346faa05 libselinux: support context validation on file_contexts.bin
If file_contexts.bin was opened with SELABEL_OPT_VALIDATE set, then
we should validate contexts in the same manner as with file_contexts.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 14:11:36 -04:00
Stephen Smalley
c95ede0034 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 11:35:16 -04:00
Stephen Smalley
9f9e3f2102 libselinux: test for file_contexts.bin format
Check to see if the file whose path is passed to selabel_open() starts
with the file_contexts.bin magic number, and if so, automatically
treat it as a file_contexts.bin file.  This allows one to open
file_contexts.bin formatted files without necessarily having a .bin
file suffix.  This removes the need for the previously added
.bin file suffix test.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 11:34:21 -04:00
Stephen Smalley
6f295008ef libselinux: add selabel_cmp interface and label_file backend
Add a selabel_cmp() interface for comparing two label configurations,
and implement it for the file backend (i.e. for file_contexts). This
allows comparing two file_contexts configurations to see if the first
is a subset of, equal/identical to, a superset of, or incomparable to
the second.  The motivating use case is to allow comparing two
file_contexts.bin files in Android CTS to confirm that a device
file_contexts.bin file contains all of the entries in the AOSP
general file_contexts.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-06 11:34:00 -04:00
Stephen Smalley
ec861462fa Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-05 13:05:00 -04:00
Stephen Smalley
09ea624d12 libselinux: support specifying file_contexts.bin file path
At present, the label_file backend expects to be provided the path
to the text file_contexts file and always appends the .bin suffix
when checking for the binary file_contexts.bin file.  If one
attempts to directly specify the path to a file_contexts.bin file
to selabel_open(), it will fail as the code will append a second
.bin suffix to it.  Check to see if the file path already has a .bin
suffix and do not append it in that case.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-05 13:03:36 -04:00
Stephen Smalley
0454b7ac2c libselinux: support file_contexts.bin without file_contexts
Change the label_file backend in libselinux to support systems
that only have file_contexts.bin files installed and do not ship
a file_contexts file at all.  Only fail if neither file can be
loaded.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-08-05 13:03:23 -04:00
Stephen Smalley
5c5183171d Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-22 09:20:29 -04:00
Stephen Smalley
fec839cf17 libselinux: simplify procattr cache
https://github.com/systemd/systemd/issues/475 identified a problem
in libselinux with using getpid(3) rather than getpid(2) due to direct
use of the clone() system call by systemd.  We could change libselinux
to use getpid(2) instead, but this would impose a getpid(2) system call
overhead on each get*con() or set*con() call.  Rather than do this,
we can instead simplify the procattr cache and get rid of the
caching of the pid and tid entirely, along with the atfork handler.
With commit 3430519109 ("use
/proc/thread-self when available"), we only need the tid when
on Linux < 3.17, so we can just always call gettid() in that case (as
done prior to the procattr cache) and drop the cached tid. The cached
pid and atfork handlers were only needed to reset the cached tid, so
those can also be dropped. The rest of the cached attributes are not
reset by the kernel on fork, only on exec, so we do not need to
flush them upon fork/clone.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-20 12:56:01 -04:00
Stephen Smalley
728b1ad2e8 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-13 09:23:53 -04:00
Stephen Smalley
3430519109 libselinux: use /proc/thread-self when available
Linux 3.17 introduced a /proc/thread-self symlink that can be used
to reference the proc files of the current thread without needing to
use gettid(2).  Use this symlink when it exists, falling back to
using gettid(2) when it does not.  This is generally beneficial, but
was specifically motivated by https://github.com/systemd/systemd/issues/475.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-13 09:13:00 -04:00
Stephen Smalley
0079008a54 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-10 12:31:08 -04:00
Richard Haines
f2cd2f821f libselinux: Add const to selinux_opt for label backends.
Change selabel_open and label backends to take a
'const struct selinux_opt' argument. This work has already
been done for the Android version components.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-07-10 12:30:09 -04:00
Stephen Smalley
0979e35ddb Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-06 11:10:17 -04:00
Richard Haines
f309a0e88c libselinux: Fix binary file labels for regexes with metachars
File labels assigned using the lookup_best_match() function do not
assign the best match if its regex contains metacharacters in the
binary file_contexts file version.

This change adds a new entry in the binary file with the calculated
prefix length that is then read when processing the file. This fix
also bumps SELINUX_COMPILED_FCONTEXT_MAX_VERS.

This patch relies on patch [1] that fixes the same problem
for text based file_contexts files.

[1] http://marc.info/?l=selinux&m=143576498713964&w=2

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-07-06 11:09:12 -04:00
Stephen Smalley
36938c293e Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-07-06 10:59:01 -04:00
Jeff Vander Stoep
35a7c3e536 libselinux: Fix file labels for regexes with metachars
File labels assigned using the lookup_best_match() function do not
assign the best match if its regex contains metacharacters.

For non-exact regex matches, lookup_best_match() finds the closest match
by tracking the length of the matching prefix. Prefix match is tracked via
the prefix_len variable. This was previously calculated and set in
the spec_hasMetaChars() function. Commit 3cb6078 removed the
prefix_len calculation, this commit restores it.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2015-07-06 10:58:09 -04:00
Stephen Smalley
539b408cc2 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-26 12:58:16 -04:00
Richard Haines
893c2924e0 libselinux: Fix if file_contexts not '\n' terminated
If the last line of a file_contexts file is not '\n' terminated
or if any line has additional isspace(3) characters at end, it
gave an invalid file type error.
read_spec_entries now handles these situations.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-06-26 12:36:16 -04:00
Stephen Smalley
aab9d90b35 libselinux: Correctly handle an empty file_contexts file.
If you add some local file contexts via semanage fcontext -a and
later delete them all via semanage fcontext -D, you get an empty
file_contexts.local file.  Then when you try to load it, getline()
returns 0 and we fall through to the out path without having set rc.
In label_file.c, rc will always be non-zero at this point because
we will have failed the load_mmap() call.  In sefcontext_compile,
rc may contain random garbage at this point.  Explicitly set rc
before the loop.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-22 09:11:33 -04:00
Stephen Smalley
ac78c677ab Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-16 12:30:35 -04:00
Richard Haines
3cb6078ae5 libselinux: Enhance file context support
Update file contexts generation and loading to use common code.

Remove "status = 0; after "status = sort_specs(data);" otherwise
the function will never indicate a failure.

The file labeling code also has minor formatting, white space
removal etc. changes.

label_file.c - Move process_line function to label_file.h
sefcontext_compile.c - Update to use common process_line code. Now frees
all malloc'ed memory, checked by valgrind. Also added optional -o output
file parameter - updated man page to reflect this change.

V2 - Revert to using compat_validate instead of selabel_validate.
V3 - Revert to using callback for validation now the problem has been
fixed by commit e889148494
("libselinux:  build sefcontext_compile with static libselinux")

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-06-16 12:30:08 -04:00
Stephen Smalley
e889148494 libselinux: build sefcontext_compile with static libselinux
sefcontext_compile depends on libselinux internals, so it might
as well use static libselinux.  Hide read_spec_entries as this is not
intended as a public interface for shared library users.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-15 15:25:42 -04:00
Stephen Smalley
4ed298c652 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-15 11:54:27 -04:00
Richard Haines
9eae65894a libselinux: Fix property processing and cleanup formatting
Fix memory issues flagged by valgrind.
These changes bring the property service in line with Android [1]

V2 reverts to original upstream %u when logging errors. Android needs
these corrections also.

[1] https://android-review.googlesource.com/#/c/153580/

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-06-15 11:53:38 -04:00
Stephen Smalley
59e02f65ca libselinux: Drop confusing comment.
When Eamon created label_file.c, he drew code from the setfiles program,
which I originally wrote.  At the time, setfiles had a comment
about being derived in part from the setfiles.pl script written by SCC, so
Eamon put a comment in label_file.c that tried to preserve that lineage.
However, there was no real code lineage there.  The setfiles program
was inspired by the setfiles.pl perl script, but the implementation was
a complete rewrite.  And while label_file.c drew some data structures and
code from the setfiles C program, it had nothing to do with the setfiles.pl
script at all.  Just drop the comment; it serves no purpose.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-08 12:49:49 -04:00
Stephen Smalley
e2eaec298f Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-06-03 10:49:35 -04:00
Richard Haines
af41e2b5ff libselinux: Add read_spec_entries function to replace sscanf
Currently sscanf is used with %ms parameters that are not supported
on all platforms. The new read_spec_entries function may be used
to replace these where required. This patch updates
sefcontext_compile, label_file and label_android_property services
to use the new function.

The file and property services have been tested on Android emulator
and the file service on Fedora 21.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-06-03 10:43:33 -04:00
Stephen Smalley
ae662a0654 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-27 12:30:22 -04:00
Richard Haines
f233d01015 libselinux: Support consistent mode size for bin files
Currently sefcontext_compile defines the mode field as mode_t whose
size will vary depending on the architecture (e.g. 32 bit / 64 bit).
This patch sets the size when writing/reading binary files to
uint32_t. The file version is set to SELINUX_COMPILED_FCONTEXT_MODE

V2 fixes those listed in http://marc.info/?l=selinux&m=143273965514292&w=2

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-05-27 12:22:32 -04:00
Stephen Smalley
e595ed2023 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-27 11:50:59 -04:00
Stephen Smalley
ab73411556 libselinux: Expunge remaining references to flask.h and av_permissions.h.
Missed a few references to these header files when they were
deprecated in 76913d8adb.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-27 11:44:40 -04:00
Stephen Smalley
674256be88 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-26 11:41:44 -04:00
Richard Haines
f7148d5973 Fix more bin file processing core dumps
The reading of bin files has been changed to follow that of loading
policy to catch over-runs. Entries that should be NUL terminated are
also checked. If any error, then process the text file. This should
fix all problems highlighted in [1] with V2 fixing those in [2].
V3 corrects int32_t/uint32_t for *_len entries and V4 fixes [3]
and adds pcre_fullinfo checks to validate regex and study data
sizes. pcre_fullinfo also validates its magic number.

Tested with bin files built using sefcontext_compile PCRE_VERS 1 and 2.

The following is a rough guide to the difference in processing a bin
file against a text file:
   6K entries - x5
   4K entries - x4
   1K entries - x3
   500 entries - x2

[1] http://marc.info/?l=selinux&m=143101983922281&w=2
[2] http://marc.info/?l=selinux&m=143161763905159&w=2
[3] http://marc.info/?l=selinux&m=143204170705586&w=2

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-05-26 11:32:23 -04:00
Stephen Smalley
49a17da15c Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-21 13:12:23 -04:00
Petr Lautrbach
8d7c2854c5 libselinux: add selinux_openssh_contexts_path()
openssh in Fedora uses "sshd_net_t" type for privilege separated
processes in the preauthentication phase. Similarly, openssh portable uses
"sftp_t" for internal-sftp processes. Both type are hardcoded what is not ideal.
Therefore selinux_openssh_contexts_path() was created to get a path where sshd
can get a correct types prepared by a distribution or an administrator.

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-05-21 13:11:36 -04:00
Stephen Smalley
af8e863c12 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-20 16:37:03 -04:00
Stephen Smalley
a03f006d7e libselinux: setrans_client: minimize overhead when mcstransd is not present.
As mcstransd is not installed/running by default, we should not impose
the overhead of trying to connect to it on each operation that takes or
returns a security context string.  Test for the existence of the socket
file on first use, and if the socket file does not exist, then skip the
processing on all subsequent calls.

Previously we had a similar attempt at optimization by checking
whether MLS was enabled, but since the kernel MLS support is enabled
even for -mcs and mcstransd is no longer installed/running by default,
this is not a useful optimization.  Just replace it with the new test.

Compare strace ls -Z /usr/bin |& grep .setrans-unix before and after
this patch to get a sense of the impact.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-20 16:19:20 -04:00
Stephen Smalley
8dcfaddec8 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-18 11:54:07 -04:00
Richard Haines
fc12f93a13 libselinux: Ensure selabel_lookup_best_match links NULL terminated
Ensure that the array of strings is NULL terminated to stop core
dumps. Also cleaned up code.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-05-18 11:53:25 -04:00
Stephen Smalley
85bb06b31c Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-11 10:30:10 -04:00
Stephen Smalley
c08c4eacab libselinux: is_selinux_enabled: Add /etc/selinux/config test.
To avoid regressions such as the one reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1219045
add a test for /etc/selinux/config to is_selinux_enabled().

This ensures that systems that do not install selinux-policy
will continue to return 0 from is_selinux_enabled().

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-11 10:30:01 -04:00
Stephen Smalley
26e05da0fc libselinux: matchpathcon/selabel_file: Fix man pages.
As discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1219718,
there are several inconsistencies between the matchpathcon man page
and the implementation.  The same is true of the SELABEL_OPT_SUBSET
option for the selabel_file backend.  Fix the man pages for both.
Also note in the man pages that the entire matchpathcon family
of functions is deprecated and recommend use of the corresponding
selabel interfaces for new code.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-11 09:53:37 -04:00
Stephen Smalley
fe0366b8ed Update libselinux ChangeLog. 2015-05-07 12:47:21 -04:00
Richard Haines
a351eb01a8 libselinux: Fix core dumps with corrupt *.bin files
Check buffer address limits when processing *.bin files
to catch any over-runs. On failure process text file instead.

To test, the bin files were corrupted by adding and removing
various bits of data. Various file sizes were also checked and
all were caught by the patch.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2015-05-07 12:00:07 -04:00
Stephen Smalley
4d0d9c7004 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-06 11:59:18 -04:00
Richard Haines
e7f970ffd1 libselinux: Add selabel partial and best match APIs
Add support for new API functions selabel_partial_match and
selabel_lookup_best_match ported from the Android libselinux
fork.

Add supporting man(3) pages and test utilities: selabel_lookup,
selabel_lookup_best_match and selabel_partial_match.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-06 11:58:44 -04:00
Steve Lawrence
de4f82bb7f Move ChangeLog entry to the correct project 2015-04-21 08:49:32 -04:00
Miro Hrončok
42ac8d6dc4 libselinux: selinux.py - use os.walk() instead of os.path.walk()
os.path.walk() function is deprecated and has been removed in Python 3

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
2015-04-21 08:15:02 -04:00
Stephen Smalley
27d5377cc7 Updated libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-17 12:38:10 -04:00
Stephen Smalley
685f4aeead libselinux: is_selinux_enabled(): drop no-policy-loaded test.
SELinux can be disabled via the selinux=0 kernel parameter or via
/sys/fs/selinux/disable (triggered by setting SELINUX=disabled in
/etc/selinux/config).  In either case, selinuxfs will be unmounted
and unregistered and therefore it is sufficient to check for the
selinuxfs mount.  We do not need to check for no-policy-loaded and
treat that as SELinux-disabled anymore; that is a relic of Fedora Core 2
days.  Drop the no-policy-loaded test, which was a bit of a hack anyway
(checking whether getcon_raw() returned "kernel" as that can only happen
if no policy is yet loaded and therefore security_sid_to_context() only
has the initial SID name available to return as the context).

May possibly fix https://bugzilla.redhat.com/show_bug.cgi?id=1195074
by virtue of removing the call to getcon_raw() and therefore avoiding
use of tls on is_selinux_enabled() calls.  Regardless, it will make
is_selinux_enabled() faster and simpler.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-17 09:38:18 -04:00
Stephen Smalley
974f565415 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 09:51:31 -04:00
Stephen Smalley
082f1d1274 libselinux: Remove deprecated mudflap option.
The mudflap run time checker was removed in GCC 4.9.  The
option no longer does anything and triggers a warning from gcc 4.9
and later.  Remove it.  We might want to add -fsanitize=address
to enable AddressSanitizer in its place, but that should be a separate
change.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 08:23:55 -04:00
Stephen Smalley
c4bd396492 Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-04-16 07:50:25 -04:00
Ben Shelton
9df4988846 libselinux: Mount procfs before checking /proc/filesystems
In the case where the SELinux security module is not loaded in the
kernel and it's early enough in the boot process that /proc has not yet
been mounted, selinuxfs_exists() will incorrectly return 1, and
selinux_init_load_policy() will print a message like this to the
console:

Mount failed for selinuxfs on /sys/fs/selinux:  No such file or directory

To fix this, mount the procfs before attempting to open
/proc/filesystems, and unmount it when done if it was initially not
mounted.  This is the same thing that selinux_init_load_policy() does
when reading /proc/cmdline.

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
2015-04-16 07:49:14 -04:00
Stephen Smalley
50788b155d Update libselinux and policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-13 14:18:34 -04:00
Petr Lautrbach
417cb8d076 Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0

- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-03-13 14:14:23 -04:00
Stephen Smalley
ae44b7bb39 libselinux: sefcontext_compile: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 12:20:42 -05:00
Stephen Smalley
07ed7784cf Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 10:50:56 -05:00
Nick Kralevich
716e3820c5 libselinux: label_file: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 10:42:09 -05:00
Stephen Smalley
b2beb5304d Update libselinux Changelog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 11:08:51 -05:00
Stephen Smalley
2d5ac1c931 libselinux: getcon.3: Fix setcon description.
The man page description for setcon() was never updated for the
introduction of bounded transitions in Linux 2.6.28.  Update it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 10:54:56 -05:00
Stephen Smalley
d8b2a0ab50 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:46:45 -05:00
Stephen Smalley
914e591c41 libselinux: fix audit2why error handling if SELinux is disabled.
If SELinux is disabled, then selinux_current_policy_path() returns NULL.
At present, if you run audit2allow on a SELinux-disabled host without
the -p option, you get:
unable to open (null):  Bad address

We haven't seen this because most people running audit2allow are doing
it on SELinux-enabled hosts and using the host policy.  But for Android,
the build host OS often has SELinux disabled and we need to pass audit2allow
the path to the Android policy.  Handle this case and provide a hint to
the user.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:15:34 -05:00
Stephen Smalley
54075fb3cd Update libselinux and libsepol ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 11:25:41 -05:00
Stephen Smalley
1434267419 libselinux: pcre_study can return NULL without error.
Per the man page, pcre_study can return NULL without error if
it could not find any additional information.  Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.

Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-02 16:11:10 -05:00
Robert Craig
eb0ba200b5 libselinux: Adjustments to android property backend.
Allow the android property backend parser to accept the
SELABEL_OPT_VALIDATE option and to perform a validate
callback.

Extracted from the Android external/libselinux tree.

Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
2015-02-02 15:36:13 -05:00
Stephen Smalley
2fa21cc840 libselinux: Only check SELinux enabled status once in selinux_check_access().
Move the SELinux enabled check to the once handler so that we do
not perform this on each call to selinux_check_access().  Reduces
overhead in both the SELinux-enabled and the SELinux-disabled cases.

Extracted from the Android external/libselinux tree.

Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-02 14:09:06 -05:00
Steve Lawrence
f0c9966f88 Bump to final release 2015-02-02 09:38:10 -05:00
Steve Lawrence
823ebc8c6b Bump to release candidate 7 2014-12-03 10:06:26 -05:00
Steve Lawrence
07e75a9cc7 Bump to release candidate 6 2014-11-12 08:30:15 -05:00
Steve Lawrence
d1db56c52b Bump to release candidate 5 2014-10-29 11:01:03 -04:00
Steve Lawrence
71393a181d libselinux: libsepol: use ln --relative to create .so symlinks
The current build system assumes SHLIBDIR is ../../ relative to LIBDIR.
However, this isn't always the case. For example, Arch Linux sets both
LIBDIR and SHLIBDIR to /usr/lib, which results in broken symlinks.

Instead of making that assumption, create .so symlinks using ln
--relative so that the correct relative paths are used. Note that this
adds a dependency for the build system to use coretuils-8.16 or later.

Fixes #2

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-22 08:25:44 -04:00
Steve Lawrence
6280387034 Bump to release candidate 4 2014-10-06 15:03:24 -04:00
Steve Lawrence
ff5bbe6dcf Bump VERSION/ChangeLog for release candidate 3
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 10:16:34 -04:00
Nicolas Iooss
ae5de8ae69 libselinux: fix gcc -Wsign-compare warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:11 -04:00
Laurent Bigonville
1550132ede libselinux: man: Add missing manpage links to security_load_policy.3
Add the missing manpage link for selinux_init_load_policy(3) and
selinux_mkload_policy(3) to security_load_policy(3)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753803

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-09-02 08:31:15 -04:00
Steve Lawrence
213c3189d0 Bump versions for r2
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-27 11:47:04 -04:00
Steve Lawrence
8f9d3a7c95 Fix typos in ChangeLog and Versions 2014-08-26 14:20:48 -04:00
Steve Lawrence
79fd2d06ab Bump versions and update ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 09:48:54 -04:00
Dan Walsh
70b23853a8 libselinux: Compiled file context files and the original should have the same permissions
Currently the compiled file context files can end up with different
permissions then the original.  This can lead to non priv users
not being able to read the compiled versions.
2014-08-26 07:59:02 -04:00
Stephen Smalley
76913d8adb Deprecate use of flask.h and av_permissions.h.
Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:49:18 -04:00
Stephen Smalley
ac33098a80 Add pcre version string to the compiled file_contexts format.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:02:46 -04:00
Stephen Smalley
7bdc38ccb2 Log an error on unknown classes and permissions.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-08 14:03:39 -04:00
Artyom Smirnov
056efe85d6 Add db_exception and db_datatype support to label_db backend
Hi,

in https://github.com/TresysTechnology/refpolicy/pull/1 db_exception
and db_datatype were added to reference policy. This small patch
extends ability of label_db backend to work with these objects.

Regards.
2014-06-26 10:51:15 -04:00
Nicolas Iooss
78c9c97ab9 libselinux: fix typo in man page 2014-06-12 08:20:41 -04:00
Will Woods
241fac2728 selinux_init_load_policy: setenforce(0) if security_disable() fails
If you run selinux_init_load_policy() after a chroot/switch-root, it's
possible that your *previous* root loaded policy, but your *new* root
wants SELinux disabled.

We can't disable SELinux in this case, but we *do* need to make sure
it's permissive. Otherwise we may continue to enforce the old policy.

So, if seconfig = -1, but security_disable() fails, we set *enforce=0,
and then let the existing code handle the security_{get,set}enforce
stuff.

Once that's handled, exit with failure via "goto noload", as before.
2014-05-07 15:24:35 -04:00
Stephen Smalley
1e6482134b Bump version and update ChangeLog for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-06 13:30:27 -04:00
Stephen Smalley
35b3c259a7 2.3-rc1 (release candidate 1).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-25 13:24:44 -04:00
Stephen Smalley
269b45c8bb Update libselinux/ChangeLog for next.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-19 16:12:55 -05:00
Stephen Smalley
9eb9c93275 Get rid of security_context_t and fix const declarations.
In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller.   Easiest fix is to replace them all with
const char *.  And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them.  typedef left to permit
building legacy users until such a time as all are updated.

This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
2014-02-19 16:11:48 -05:00
Stephen Smalley
1cb368636b Updated libselinux/ChangeLog for next.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-06 14:07:18 -05:00
Guillem Jover
a2737333c7 libselinux: Refactor rpm_execcon() into a new setexecfilecon()
This new function allows a process to invoke helper programs with
a new execution context based on the filename, this is initially
intended for package managers so that they can easily execute
package scriptlets or maintainer scripts.

Base rpm_execcon() off this new function.

Signed-off-by: Guillem Jover <guillem@debian.org>
2014-01-06 14:06:03 -05:00
Stephen Smalley
2ba1541f21 Merge branch 'master' into next 2013-12-30 14:40:32 -05:00
Stephen Smalley
edc2e99687 libselinux 2.2.2 - userspace AVC per-domain permissive handling fix.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-30 14:39:59 -05:00
Stephen Smalley
dcd8167f77 Coding style fix for sizeof operator.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-30 14:38:11 -05:00
Stephen Smalley
85a42ec87d Fix a bug in the userspace AVC that broke per-domain permissive mode.
Failure to copy the entire av_decision structure, including the
flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE
flag and thus cause per-domain permissive to not be honored for userspace
permission checks.

Also ensure that we clear the entire structure.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-30 14:36:19 -05:00
Colin Walters
d24fb6834d selinux_set_mapping: Document it
This patch may not actually be useful since there's a man page.
2013-11-07 15:43:54 -05:00
Stephen Smalley
27238433ad Bump libselinux version to 2.2.1 for pkg-config fix.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 14:56:30 -05:00
Stephen Smalley
7e7916932b Remove -lpthread from pkg-config file.
libselinux uses weak bindings to pthread functions and will fall
back to non-threaded implementations if the caller is not linked
with libpthread.  Avoid requiring all users of libselinux to
link with libpthread.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 14:55:23 -05:00
Stephen Smalley
7c4bb77999 Version bump for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:45:19 -04:00
Stephen Smalley
8e5d465335 Update ChangeLog files.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:42:05 -04:00
Laurent Bigonville
9792099fd7 Properly build the swig exception file even if the headers are missing
During build if the headers are not installed in the system path, the
generated swig exception (.i) file might be empty.
2013-10-30 12:19:02 -04:00
Dan Walsh
6d0f111421 Change audit2why to return constraint information on denial.
This patch uses Richard Haines fixes in libsepol to help identify which
constraint is blocking access.  The end goal is helping policy writers
and administrators to diagnose issues with their policy.
2013-10-29 08:49:51 -04:00
Stephen Smalley
8b114a3bf2 Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
If we get an EINVAL from security_compute_av* (indicates an invalid
source or target security context, likely due to a policy reload that
removed one or the other) and we are in permissive mode, then handle it
like any other permission denial, i.e. log but do not deny it.

Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-28 16:52:50 -04:00
Stephen Smalley
a08010023b Update ChangeLogs and bump VERSIONs to an intermediate value.
2.1.99 is just a placeholder to distinguish it from the prior release.
2.2 will be the released version.  Switching to 2-component versions.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-25 15:14:23 -04:00
Stephen Smalley
56258807ea Revert "Richard Haines patch that allows us discover constraint violation information"
This reverts commit 56b49ab711.

Conflicts:
	libselinux/src/audit2why.c
2013-10-25 13:53:03 -04:00
Stephen Smalley
f458b76076 Merge branch 'fedora' into master-merge
Conflicts:
	libselinux/src/Makefile
	libselinux/src/selinux_config.c
	policycoreutils/audit2allow/audit2allow.1
	policycoreutils/scripts/fixfiles.8
	policycoreutils/semanage/semanage.8
	policycoreutils/sepolicy/Makefile
	policycoreutils/sepolicy/sepolicy/transition.py
	policycoreutils/setsebool/setsebool.8
2013-10-24 15:24:17 -04:00
Sven Vermeulen
52d52fe2d6 Make RANLIB variable overridable
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-24 13:58:41 -04:00
Sven Vermeulen
e1ecb2cdb4 Update pkgconfig definition
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-24 13:58:41 -04:00
Sven Vermeulen
6068fcb361 Mount sys before trying to mount selinuxfs
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-24 13:58:41 -04:00
Dan Walsh
874a976470 Fix handling of temporary file in sefcontext_compile.c
This way if something goes wrong regex file will not be corrupt.
2013-10-24 13:58:38 -04:00
Dan Walsh
c32da69e01 Fixes for procattr calls to handle cache properly.
We were asked not to link to libpthread but to use gcc internals.
We were not handling properly the fact that a cache was UNSET, and this
patch fixes this.
2013-10-24 13:58:38 -04:00
Dan Walsh
9639f5d9a8 Add decent constants for python for return of getenforce call. 2013-10-24 13:58:38 -04:00
Dan Walsh
22671378f1 Fix label substituion to work with the equiv path of "/"
Software collections are setting up equiv directories to the root directory.
2013-10-24 13:58:38 -04:00
Dan Walsh
7eec00a5be Add selinux_current_policy_path, which returns the a pointer to the loaded policy
Also change audit2why to look at the loaded policy rather then searching on disk for
the policy file.  It is more likely that you are examining the running policy.
2013-10-24 13:58:38 -04:00
Dan Walsh
403f2cfeb8 Change get_context_list to return an error rather then guess at a match.
In the past pam_selinux would return a bogus login context if the login program
was running with the wrong context.  If you ran sshd as unconfined_t
you might get the login user loggin in as pam_oddjob_mkhomedir_t or some other bogus
type.  This change fixes the code to return an error if it can not return a good
match.
2013-10-24 13:58:38 -04:00
Dan Walsh
f1598dff7e Support udev-197 and higher
The errno value was not set, causing wrong return notifications and
failing to have udev label things correctly.

See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and
see https://bugs.gentoo.org/show_bug.cgi?id=462626

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-24 13:58:37 -04:00
Dan Walsh
fd56c5230c Separate out the calling of local subs and dist subs in selabel_sub
We want to allow users to setup their substitions to run fist and then run
the distro subs second.  This fixes the problem where a user defines
a sub like /usr/local/foobar and we ignore it.  We need this for
software collections which is setting up local subs of /opt/src/foobar/root /
2013-10-24 13:58:37 -04:00
Dan Walsh
51d9a078c2 Patch to change *setfilecon to not return ENOSUP if context matches.
Tools like cp -A try to maintain the context of a program and call *setfilecon,
currently if the file system does not support XAttrs we return ENOSUPP.  We have
been requested to check if the context that is being set is the same to not return this
error.  So if I try to set the label on an nfs share to system_u:object_r:nfs_t:s0 and I get
ENOSUPP, it will not return an error.
2013-10-24 13:58:37 -04:00
Dan Walsh
756013edc5 This patch fixes python parsing.
Eliminates a potential memory leaks.
2013-10-24 13:58:37 -04:00
Dan Walsh
851266c180 define SELINUX_TRANS_DIR in selinux.h
I wanted to separate this directory out in order for a new patch to mcstransd to watch
this directory for newly created files, which it could then translate.

The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then
setrans could translate the processes to show system_u:system_r:svirt_t:vm1
2013-10-24 13:58:37 -04:00
Dan Walsh
ce2a8848ad Add selinux_systemd_contexts_path
systemd has some internal contexts like generated systemd unit files
that we want to allow it to check against processes trying to manage them.
2013-10-24 13:58:37 -04:00
Dan Walsh
7fe6036ca5 Add selinux_set_policy_root sets an alternate policy root directory path
This allows us to specify under which the compiled policy file and context configuration
files exist. We can use this with matchpathcon to check the labels under alternate policies,
and we can use it for sepolicy manpage to build manpages during policy build.
2013-10-24 13:58:37 -04:00
Dan Walsh
2af252621b Add missing man page for sefcontext_compile 2013-10-24 13:58:37 -04:00
Dan Walsh
2540b20096 Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
Dan Walsh
a8b3340288 Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles 2013-10-24 13:58:37 -04:00
Dan Walsh
56b49ab711 Richard Haines patch that allows us discover constraint violation information
Basically we need this information to allow audit2allow/audit2why to better
describe which constraint is being broken.
2013-10-24 13:58:37 -04:00
Stephen Smalley
39b5a40295 Fix relabel target.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-23 12:44:30 -04:00
Joe MacDonald
fceca652c1 libselinux: avoid shadowing 'stat' in load_mmap
label_file.c: In function ‘load_mmap’:
   label_file.c:238:81: error: declaration of ‘stat’ shadows a global declaration [-Werror=shadow]
   cc1: all warnings being treated as errors

Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-10-22 14:22:42 -04:00
Joe MacDonald
2864f757dd libselinux: support building on older PCRE libs
Versions of PCRE prior to 8.20 did not have pcre_free_study().  In its
absence, use pcre_free() instead.

Signed-off-by: Joe MacDonald <joe@deserted.net>
2013-10-22 14:22:22 -04:00
Laurent Bigonville
ead1e1d8e2 libselinux: Fix various minor manpage issues and correct section numbering. 2013-10-16 15:10:34 -04:00
Laurent Bigonville
50b1654c1d libselinux: Do not use LDFLAGS to set -lpcre and -lpthread
This is breaking build if LDFLAGS is redefined.

This is the case on Debian where hardening flags are passed
automatically by the build system.
2013-10-16 15:10:14 -04:00
Laurent Bigonville
c45f797b28 libselinux: Allow overriding LIBBASE in src/Makefile 2013-10-16 15:09:26 -04:00
Sven Vermeulen
32e76a314e Current stable policycoreutils requires selinux_current_policy_path
Without this fix, stolen from Fedora's patchset, recent policycoreutils
just fails.

See http://marc.info/?t=136926404600001&r=1&w=2 and
see http://marc.info/?l=selinux&m=136692033821285&w=2

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-16 14:57:02 -04:00
Sven Vermeulen
a15451b523 Support udev-197 and higher
The errno value was not set, causing wrong return notifications and
failing to have udev label things correctly.

See https://bugzilla.redhat.com/show_bug.cgi?id=909826#c24 and
see https://bugs.gentoo.org/show_bug.cgi?id=462626

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-16 14:56:48 -04:00
Sven Vermeulen
e4cee831af Make RANLIB variable overridable
If the RANLIB variable is defined by the user, use that value instead of
the /usr/bin/ranlib binary.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-16 14:55:58 -04:00
Sven Vermeulen
1310e36026 Update pkgconfig definition
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-16 14:55:48 -04:00
Sven Vermeulen
ef3e072f58 Mount sys before trying to mount selinuxfs
If /sys is not present, the attempt to mount selinuxfs will of course
fail. So we try to mount /sys first (and only if that fails fall back to
the /selinux mount point) and then try to mount selinuxfs.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
2013-10-16 14:55:40 -04:00
Eric Paris
e9410c9b06 VERSION BUMP FOR UPSTREAM PUSH 2013-02-05 20:22:02 -05:00
Eric Paris
ce39302fd0 libselinux: sefcontext_compile: do not leak fd on error
We open the file which is to be used to write the binary format of file
contexts.  If we hit an error actually writing things out, we return,
but never close the fd.  Do not leak.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
4e5eaacc59 libselinux: matchmediacon: do not leak fd
Every time matchmediacon is called we open the
selinux_media_context_path().  But we never close the file.  Close the
file when we are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
1e8f102e8c libselinux: src/label_android_property: do not leak fd on error
We were opening the path, but if the fstat failed or it was not a
regular file we would return without closing the fd.  Fix my using the
common error exit path rather than just returning.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:21:52 -05:00
Eric Paris
0834ff3022 libselinux: do not leak file contexts with mmap'd backend
We use strdup to store the intended context when we have an mmap'd
file backend.  We, however, skipped freeing those contexts.

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Eric Paris
efb6347dd3 libselinux: unmap file contexts on selabel_close()
We were leaking all of the file context db because we didn't unmap them
on selabel_close()

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Dan Walsh
9c83b206e1 libselinux: pkg-config do not specifc ruby version
pkg-config do not work if you specifiy the version of ruby in Fedora 19

Signed-off-by: Eric Paris <eparis@redhat.com>
2013-02-05 20:14:48 -05:00
Eric Paris
1d403326ae libselinux: optimize set*con functions
Set*con now caches the security context and only re-sets it if it changes.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:47 -05:00
Dan Walsh
e9759ea7af libselinux: Change boooleans.subs to booleans.subs_dist.
Currently we ship other subs files with the _dist to indicate they come with
the distribution as opposed to being modified by the user.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:46 -05:00
Eric Paris
aa62cd60f7 libselinux: Fix errors found by coverity
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:45 -05:00
Eric Paris
c89deab09a libselinux: selinux_status_open: do not leak statusfd on exec
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:44 -05:00
Eric Paris
761881c947 libselinux: selinux_status_open: handle error from sysconf
We didn't handle sysconf(_SC_PAGESIZE) returning an error.  It should be
very rare, obviously, be we should handle it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:44 -05:00
Pádraig Brady
2f624c94c7 libselinux: man: context_new(3): fix the return value description
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:44 -05:00
Guillem Jover
be2d728599 libselinux: Use ENOTSUP instead of EOPNOTSUPP for getfilecon functions
EOPNOTSUPP means "operation not supoorted on socket", and ENOTSUP means
"not supported", although per POSIX they can be alised to the same
value and on Linux they do, ENOTSUP seems the more correct error code.
In addition these function are documented as returning ENOTSUP, and
given that they are implemented in means of getxattr(2) which does
return ENOTSUP too, this just consolidates their behaviour.

Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:44 -05:00
Guillem Jover
9acdd37989 libselinux: man: Add references and man page links to _raw function variants
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:43 -05:00
Guillem Jover
4f289b50ac libselinux: man: Fix typo in man page
Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:43 -05:00
Guillem Jover
6ef13eeda7 libselinux: man: Fix man pages formatting
- Add man page sections '(N)' to external references, and '()' on
  functions described in the same man page.
- Escape minus signs when those are expected to be used on the command
  line or files.
- Mark files and variables in italic; Note headings, function names,
  constants, program options and man page references in bold.
- Do not justify and hyphenate SEE ALSO section, and avoid hyphenation
  on symbol names by prepending them with \%.
- Remove trailing dot from NAME section description.
- Split sections with a no-op command '.', to visually distinguish them
  but to avoid introducing spurious vertical space in the formatted
  output.
- Add explicit .sp commands in the SYNOPSIS section between function
  prototypes, and fix space placement in function protoypes.
- Split header includes with .br (instead of the explicit or implicit
  .sp) so that they are vertically contiguous.
- Add missing {} around SELINUXTYPE and POLICYTYPE variable text in
  paths.
- Remove unneeded formatting commands.
- Remove spurious blank lines.

Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:43 -05:00
Guillem Jover
8cc79bcd98 libselinux: man: Fix program synopsis and function prototypes in man pages
Fix typos, or wrong function prototypes.

Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:43 -05:00
Dan Walsh
7504bbd873 libselinux: audit2why: Cleanup audit2why analysys function
Tee-tiny cleanup to remove needless {}

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:42 -05:00
rhatdan
13b599d7b8 libselinux: mode_to_security_class: interface to translate a mode_t in to a security class
coreutils needs to be able to take a statbuf and ask permissions
questions.  This gives us the interface to translate that statbuf mode_t
into a security class which can be used.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:40 -05:00
Eric Paris
d09bcb75f5 libselinux: audit2why: do not leak on multiple init() calls
If init() was already called then avc will be set.  If avc is set just
return.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:40 -05:00
rhatdan
019e6fd6d4 libselinux: audit2why: Fix segfault if finish() called twice
If audit2why.finish is called more than once the global avc variable
will be NULL, and thus dereferencing it will obviously cause problems.
Thus just bail if avc is NULL and we know cleanup is done.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:39 -05:00
rhatdan
2677b72191 libselinux: man: make selinux.8 mention service man pages
We were listing a number of service man pages (like httpd_selinux) in
the see also section of selinux.8.  As that number of pages explodes it
does not make sense to try to list them all.  Instead tell people to use
man -k selinux to find them.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:39 -05:00
rhatdan
44cba24ba6 libselinux: sefcontontext_compile: Add error handling to help debug problems in libsemanage.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:57 -05:00
Eric Paris
a293048a59 libselinux: do not leak mmapfd
On failure, common if .bin is older than the text version, we will leak
the mmapfd.  Don't do that.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:57 -05:00
Eric Paris
9ebd779353 libselinux: label_file: use precompiled filecontext when possible
When loading the filecontext database, check to see if there is a newer
binary version.  If so, mmap that file, is used to populate the regex db
instead of reading from the text representation and compiling regex's as
needed.  If the text file is newer it will use the text version and
ignore the binary version.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:57 -05:00
Eric Paris
dac8b32c17 libselinux: utils: new file context regex compiler
This is a new 'compiler' which tranforms the file context database into
a binary format.  This binary format may be mmap'd in later removing the
need to compile the regular expression at run time.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:56 -05:00
Eric Paris
933840af6c libselinux: audit2why: make sure path is nul terminated
We use strncpy which could leave a non-nul terminated string if the
source is longer than PATH_MAX.  Add that nul.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-01 12:08:56 -05:00
Eric Paris
8638197342 Version bumps for upstream push 2012-09-13 10:33:58 -04:00
Guido Trentalancia
45658fc6d5 libselinux: improve the file_contexts.5 manual page
Manual page improvements for the file_contexts and related policy
configuration files (section 5):

- create links to selabel_file.5 not only for file_contexts.5 but
  also for the other optional policy configuration files (including
  the so-called file contexts "substitution" files);
- clarify the above mentioned manual page(s), in particular relatively
  to the action performed by the so-called file contexts "substitution"
  policy configuration files (aliasing/equivalence versus substitution);
- improve the explanation of the form that the "substitution" files
  shall have.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:14:43 -04:00
Dan Walsh
1c8a7c194d libselinux: Ensure that we only close the selinux netlink socket once.
Taken from our Android libselinux tree.  From Stephen Smalley.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 21:06:55 -04:00
Eric Paris
4d04f4c443 libselinux: label_file: only run array once when sorting
Instead of running the array two times, sorting the 'hasMeta' the first
time and the !hasMeta the second, run the array once putting hasMeta in
the front and !hasMeta in the back.  Then ONLY run the !hasMeta section
a second time reversing its order so its sorted as it should be.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:51 -04:00
Eric Paris
36ab97dadc libselinux: label_file: struct reorg
Use char instead of int, reorder to put the chars together.  Just litle
things.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:51 -04:00
Eric Paris
de5bc062ca libselinux: label_file: break up find_stem_from_spec
Right now find_stem_from_spec does a number of things:
- calculate the length of th stem
- look for that stem
- duplicate the stem
- add the stem to the array

break those things up a bit because the mmap version isn't going to need
to do some of those things.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:50 -04:00
Eric Paris
16b578895e libselinux: label_file: new process_file function
We currently duplicate code 3 times for the main file, the homedirs, and
the local file.  Just put that stuff in its own function so we don't
have to deal with it multiple times.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:50 -04:00
Eric Paris
79b6a8d78f libselinux: label_file: only run regex files one time
We currectly run all of the regex files 2 times.  The first time counts
the lines and does the simple validatation.  We then allocate an array
of exactly the right size to hold the entries and run them a second time
doing stronger validation, regex compile, etc.

This is dumb.  Just run them one time and use realloc to grow the size
of the array as needed.  At the end the array will get sized perfectly
to fit by the sorting function, so even if we accidentally allocated
entra memory we'll get it back.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:49 -04:00
Eric Paris
ee88185aff libselinux: label_file: add accessors for the pcre extra data
When we use an mmap backed version of data we need to declare the pcre
extra data since we are only given a point to the data->buffer.  Since
sometimes the spec will hold a pointer to the extra data and sometimes
we want to declare it on the stack I introduce and use an accessor for
the extra data instead of using it directly.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:49 -04:00
Eric Paris
247759031a libselinux: label_file: move regex sorting to the header
We want to do the same thing in the compiler and as we do in in the code
which reads regexes in from the text file.  Move that sorting into the header.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:48 -04:00
Eric Paris
dd61029c54 libselinux: label_file: fix potential read past buffer in spec_hasMetaChars
An illegal regex may end with a single \ followed by nul.  This could
cause us to search past the end of the character array.  The loop
formation looks like so:

        c = regex_str;
        len = strlen(c);
        end = c + len;

        while (c != end) {
		switch (*c) {
		...
                case '\\':      /* skip the next character */
                        c++;
                        break;
		...
                }
                c++;
	}

If the \ is the last character then we will increment c and break from
the switch.  The while loop will then increment c.  So now c == end+1.
This means we will keep running into infinity and beyond!  Easy fix.
Make the loop check (c < end).  Thus even if we jump past end, we still
exit the loop.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:48 -04:00
Eric Paris
48682e2853 libselinux: label_file: move spec_hasMetaChars to header
So we can use it in the new compile utility, move the
spec_hasMetaChars() function, which looks for things like .*?+^$ in
regular expressions into the internal header file.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:47 -04:00
Eric Paris
fcc895661d libselinux: label_file: drop useless ncomp field from label_file data
The libselinux label_file backend counted the number of regexes which
had been compiled.  We didn't use it and it wasn't useful information.
Stop doing it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:47 -04:00
Eric Paris
9937685cbe libselinux: label_file: move stem/spec handling to header
We want to be able to find the stem and the spec from our new utility.
So move those functions to the header file.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:51:47 -04:00
Eric Paris
b9482941ce libselinux: label_file: move error reporting back into caller
If we want to use these functions in utilities we shouldn't call such
libselinux internal functions.  Move the error reporting up to the
caller.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:50:17 -04:00
Eric Paris
f744f239fb libselinux: label_file: do string to mode_t conversion in a helper function
So the string to mode_t conversion in a helper function so it can be
used later by a regex compilation program.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:50:17 -04:00
Eric Paris
c27101a583 libselinux: label_file: move definitions to include file
We want to use some label_file internals in a utility to compile
fcontext files into binary data for fast use.  So start pushing
structures and such into a header file.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:50:16 -04:00
Eric Paris
dc1db39e28 libselinux: label_file: remove all typedefs
I hate them.  They just indirectly you needlessly.  Just use the struct
definitions.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:49:33 -04:00
Eric Paris
091eb526dd libselinux: label_file: use PCRE instead of glibc regex functions
The PCRE functions are about x10 faster than the glibc functions.  So
use the external library.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:49:32 -04:00
Eric Paris
ac5f5645b6 libselinux: stop messages when SELinux disabled
If SELinux is disabled we should send any messages.  We shouldn't do
anything.  Just return.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:42:29 -04:00
Eric Paris
b2d86f8219 libselinux: booleans: initialize pointer to silence coveriety
The coveriety scanner is too stupid to realize that the strtok_r()
function initializes the saveptr variable.  Since we are passing a
variable location without initializing it coveriety gets angry.  Just
shut up the scanner, but nothing was wrong to start with.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:22 -04:00
Dan Walsh
bd8ea2eb6c libselinux: seusers: Check for strchr failure
If we have a malformed seusers entry we may not find the : proceeding
the level and would thus get a NULL.  This can blow up.  Check for this
error and bail gracefully.  Found by coverity

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:21 -04:00
Dan Walsh
fa7a9a604e libselinux: utils: avcstat: clear sa_mask set
We were leaving random stack garbage in sa.sa_mask.  Clear it the way
one should.  (spotted by coveriety)

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:21 -04:00
Eric Paris
1db01640ee libselinux: matchpathcon: add -m option to force file type check
We may want to force matchpathcon to respond if the path is question is
a dir, sockfile, chr, blk, etc.  Add an option so you can force it to
hit the right rule types.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:23:22 -04:00
Dan Walsh
ee6901618c libselinux: expose selinux_boolean_sub
Make selinux_boolean_sub a public method so getsebool can use it, as well as
potentially used within libsemanage.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:15:00 -04:00
Dan Walsh
179ee6c187 libselinux: Add man page for new selinux_boolean_sub function.
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:14:29 -04:00
Dan Walsh
bac96c8c70 libselinux: getsebool: support boolean name substitution
Use selinux_boolean_sub to translate the boolean name handed in by the user.
Report back the correct name of the boolean.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 13:14:29 -04:00
Eric Paris
88c3524153 libselinux: boolean name equivalency
Add support for booleans.subs file. Basically this allows us to finally change
badly named booleans to some standard name.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 13:14:25 -04:00
Eric Paris
1024ea34c6 libselinux: libsemanage: remove PYTHONLIBDIR and ruby equivalent
We generate pkg-config --libs and use that to build the libselinux
python so file.  We do not use it to build the libsemanage versions.  We
also never use the ruby equivalent.  So stop calling pkg-config
uselessly.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:19 -04:00
Eric Paris
b2523dc167 libselinux: libsemanage: do not set soname needlessly
We explicitly set the soname of the python and ruby files.  We don't
need this.  We are using the -o name as the soname, so just let the
toolchain do its thing.  It just makes the Makefile nicer to read.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:18 -04:00
Eric Paris
056f23c4bf libselinux: utils: add service to getdefaultcon
Add a -s option to getdefaultcon which allows one to specify the
service in question.  This exposes all of the abilities of getseuser
instead of only the abilities of getseuserbyname.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 12:16:18 -04:00
Dan Walsh
c802d4a6d5 libselinux: Add support for lxc_contexts_path
In order for lxc to look up its process and file labels we add new
libselinux support.  This is what we do for everything else, like
libvirt, seposgresql, etc.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-09-12 12:16:09 -04:00
Eric Paris
f05a71b92d Version bumps for upstream push 2012-06-28 14:02:29 -04:00
Eric Paris
824df4b60b libselinux: additional makefile support for rubywrap
SELinux ruby bindings didn't build from the top level
the swig generated .c file wasn't gitignored
use pkg-config for ruby info like we do for python

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
30900902b1 libselinux: label_android_property whitespace cleanups
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
rpcraig
cfc492cf11 libselinux: New Android property labeling backend
This is already in the android repo.  This is here to prevent potential
conflicts of the selabel indices, and possibly with an eye toward an eventual
reunification of the two libselinuxes down the road.

Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5e3171f658 libselinux: seusers: getseuser: gracefully handle NULL service
getseuser() would unconditionally check strlen on the service variable
even though it could be NULL.  Whoops.  If service is NULL we should
only match on *: entries.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5b344c112a libselinux: seusers: remove unused lineno
The lineno variable was being incremented, but nothing was being done
with it.  Remove it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
12e2a0f9fc libselinux: matchpathcon: bad handling of symlinks in /
The realpath_not_final() function did not properly handle symlinks in
the / directory.  The reason is because when it determined the symlink
was in the root directory it would set the resolved portion of the path
to /, it would then add a / to the end of the resolved portion, and then
append the symlink name.  The fix is to instead set the resolved portion
to "".  Thus when the '/' at the end of the resolved portion is added it
will be correct.

While I am at it, strip extraneous leading / so that //tmp returns /tmp.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
5d19b70723 libselinux: libsemanage: remove build warning when build swig c files
swig creates C files with warnings.  Turn off the warnings so the build
is clean.  We can't help the code it produces anyway...

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
9b3055ada5 libselinux: audit2why: silence -Wmissing-prototypes warning
The init functions are non-static but did not have a prototype
declaration.  They are called magically from python, so just declare the
prototype to silence the warning.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Dan Walsh
378dfe4d6a libselinux: avc_netlink_recieve handle EINTR
should continue to poll if it receinves an EINTR rather then exiting with an error.

This was a major bug within dbus that was causing dbus to crash it was
discussed at the time whether this is a dbus bug or an libselinux bug,
it was decided that we should fix it within libselinux.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Dan Walsh
2ca19f3f67 libselinux: asprintf return code must be checked
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Dan Walsh
ac6ab3afc0 libselinux: Fortify source now requires all code to be compiled with -O flag
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-06-28 11:21:16 -04:00
Eric Paris
7a86fe1a3d bump version and changelog for upstream push 2012-03-28 15:44:05 -04:00
Laurent Bigonville
a4f84109b5 libselinux: Hide unnecessarily-exported library destructors
Description: Hide unnecessarily-exported library destructors
This change was extracted from the old monolithic Debian patch.

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Laurent Bigonville
f7a75f1761 libselinux: Do not link against python library, this is considered bad practice in debian
Do not link python module with libpython, the interpreter is already linked against it.

Signed-off-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:14 -04:00
Kohei KaiGai
2b5a0530e7 libselinux: security_compute_create_name(3)
I'd like to use this interface to implement special case handling
for the default labeling behavior on temporary database objects.  Allow
userspace to use the filename_trans rules added to policy.

Signed-off-by: KaiGai Kohei <kohei.kaigai@emea.nec.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
2012-03-28 14:52:14 -04:00
Dan Walsh
c7d749efe2 libselinux: take security_deny_unknown into account
selinux_check_access() should not error on bad class or perms if the
security_deny_unkown() function return false.  If policy tells us to
allow unknown classes and perms we should respect that.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Dan Walsh
ed5dc69dad libselinux: assert if avc_init() not called
To simplify finding why programs don't work, assert that avc_init() was
called any time avc functions are called.  This means we won't get
'random' segfaults and will instead be able to hopefully quickly
determine what we did wrong as application developers.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Dan Walsh
5766295bb2 libselinux: build with either ruby 1.9 or ruby 1.8
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Dan Walsh
dc21b09c25 libselinux: pkg-config to figure out where ruby include files are located
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Dan Walsh
9b796ead1a libselinux: utils: Stop separating out matchpathcon as something special
It's not special and doesn't need its own Makefile lines.  Just make it
a normal target.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Dan Walsh
46d294f645 libselinux: Update Makefiles to handle /usrmove
Move everything into /usr/* and just put links from /*.  The whole /usr
thing hasn't really worked in all situations for a long long time.  Just
accept that fact and move along.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Daniel P. Berrange
c9a8ff9bae libselinux: Ensure there is a prototype for 'matchpathcon_lib_destructor'
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Daniel P. Berrange
bcdf92aac4 libselinux: Change annotation on include/selinux/avc.h to avoid upsetting SWIG
The earlier patch to avc.c put the struct member annotation at
the end of the line, which works fine for GCC, but upsets SWIG.
Equivalent code in selinux.h demonstrates how to place the
annotation without upsetting SWIG.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Daniel P. Berrange
a1044d4c84 libselinux: utils: Enable many more gcc warnings for libselinux/utils builds
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:13 -04:00
Daniel P. Berrange
41649ca786 libselinux: Enable many more gcc warnings for libselinux/src/ builds
XXX:  -Wno-redundant-decls really shouldn't be set, if some way
can be found to deal with warnings generated by dso.h

XXX: the maximum stack size should be much lower, but there
are too many functions using PATH_MAX which need to be rewritten
to use the heap instead.

XXX: probe for whether the user's GCC supports a flag ?

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-03-28 14:52:13 -04:00
Daniel P. Berrange
5f8ce37021 libselinux: Fix const-ness of parameters & make usage() methods static
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
91d9fe8af0 libselinux: Add printf format attribute annotation to die() method
Annotating the die method as taking printf format exposes
a bug in error reporting

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
57928fa1fd libselinux: Add more printf format annotations
The public avc.h file must use a printf annotation in the struct
callback members, otherwise application code will get compiler
warnings that the method should have an annotation set.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
da5e7e3b81 libselinux: Add prototype decl for destructor
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
435fae64a9 libselinux: Remove unused flush_class_cache method
* stringrep.c: Delete flush_class_cache

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
b82b7e02df libselinux: Fix const-correctness
* include/selinux/selinux.h, src/init.c: set_selinuxmnt should take
  a const char *mntpath
* src/get_default_type.c: Avoid bad cast discarding const
* load_policy.c: Fix var decl to avoid discarding const

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
86795159d4 libselinux: Fix old style function definitions
Add 'void' parameter to all functions which take no arguments

* selinux_config.c: s/()/(void)/

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Daniel P. Berrange
c87df3493d libselinux: Remove jump over variable declaration
seusers.c: In function ‘getseuser’:
seusers.c:273:3: error: jump skips variable initialization [-Werror=jump-misses-init]
seusers.c:317:2: note: label ‘err’ defined here
seusers.c:274:8: note: ‘fp’ declared here

* seusers.c: Declare FILE *fp at start of getseuser() method

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 14:52:12 -04:00
Dan Walsh
18e3a8d396 checkpolicy: libselinux: Fix dead links to www.nsa.gov/selinux
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-03-28 08:39:07 -04:00
Eric Paris
339f8079d7 update VERSION and Changelog for public push 2011-12-21 12:46:04 -05:00
Eric Paris
297d2bee23 libselinux: merge freecon with getcon man page
The getcon man page already includes setcon() and other non-"get"
entries.  Why send people somewhere else just for freecon?  Put it here.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-21 12:35:06 -05:00
Dan Walsh
cb71d68aa1 libselinux: Cleanup Man pages
Typos, indenting, nothing fancy.

Signed-off-by: Eric Paris <eparis@redhat.com>
2011-12-21 12:35:05 -05:00
Dan Walsh
27915ec2aa libselinux: Fix setenforce man page to refer to selinux man page
Do not talk about disabling selinux in the setenforce man page.  Point
people in the right direction instead.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:35:05 -05:00
Richard Haines
16a37c9f94 libselinux - correct selabel invalid context logging
When selabel_lookup found an invalid context with validation enabled, it
always stated it was 'file_contexts' whether media, x, db or file.
The fix is to store the spec file name in the selabel_lookup_rec on
selabel_open and use this as output for logs. Also a minor fix if key is
NULL to stop seg faults.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-21 12:35:05 -05:00