Merge remote-tracking branch 'aosp/upstream-master' into mymerge

Test: aosp_angler-userdebug builds and boots
Bug: 31910164
Bug: 31594192
Change-Id: I013adcea4f88fc51ccb2070c0d48ac3e46382193

checkpolicy/ChangeLog

@@ -1,4 +1,4 @@
-2.6-rc1 2016-09-30
+2.6 2016-10-14
 	* Remove Android.mk files and only keep them in Android tree, from Bowgo Tsai.
 	* Add types associated to a role in the current scope when parsing, from Nicolas Iooss.
 	* Extend checkpolicy pathname matching, from Stephen Smalley.

checkpolicy/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6

libselinux/ChangeLog

@@ -1,8 +1,14 @@
+	* Add booleans.c to ANDROID_HOST=y recipe, from William Roberts.
+	* DISABLE_BOOL move to include headers, from William Roberts.
+	* support ANDROID_HOST=y on Mac, from William Roberts.
+	* utils: add noreturn to sefcontext_compile, from William Roberts.
+	* Fix required alignment for sha1.c on mac, from William Roberts.
+	* Fix mac build warning when ANDROID_HOST=y, from William Roberts.
+
+2.6 2016-10-14
 	* selinux_restorecon: fix realpath logic, from Stephen Smalley.
 	* query for python site-packages dir directly, from Jason Zaman.
 	* versioned ruby pkg-config and query vendorarchdir properly, from Jason Zaman.
-
-2.6-rc1 2016-09-30
 	* Revert 'Set DISABLE_RPM default to y', from Stephen Smalley.
 	* Re-introduce DISABLE_BOOL=y, from William Roberts.
 	* make android label backends configurable, from Janis Danisevskis.

libselinux/Makefile

@@ -27,6 +27,16 @@ else
 endif
 export PCRE_CFLAGS PCRE_LDFLAGS
 
+OS := $(shell uname)
+export OS
+
+ifeq ($(shell $(CC) -v 2>&1 | grep "clang"),)
+COMPILER := gcc
+else
+COMPILER := clang
+endif
+export COMPILER
+
 all install relabel clean distclean indent:
 	@for subdir in $(SUBDIRS); do \
 		(cd $$subdir && $(MAKE) $@) || exit 1; \

libselinux/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6

libselinux/src/Makefile

@@ -48,23 +48,39 @@ OBJS= $(patsubst %.c,%.o,$(SRCS))
 LOBJS= $(patsubst %.c,%.lo,$(SRCS))
 CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \
           -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith \
-          -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return \
+          -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return \
           -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
           -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
           -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
-          -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
-          -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
+          -Wdisabled-optimization -Wbuiltin-macro-redefined \
+          -Wattributes -Wmultichar \
           -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
-          -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-          -Wnormalized=nfc -Woverflow -Wpointer-to-int-cast -Wpragmas -Wsuggest-attribute=const \
-          -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines \
-          -Wno-missing-field-initializers -Wno-sign-compare -Wjump-misses-init \
-          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE=2 \
+          -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
+          -Woverflow -Wpointer-to-int-cast -Wpragmas \
+          -Wno-missing-field-initializers -Wno-sign-compare \
+          -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) \
           -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
           -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
-          -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
           -Werror -Wno-aggregate-return -Wno-redundant-decls
 
+LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro
+
+ifeq ($(COMPILER), gcc)
+override CFLAGS += -fipa-pure-const -Wlogical-op -Wpacked-bitfield-compat -Wsync-nand \
+	-Wcoverage-mismatch -Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
+	-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
+	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const -Wp,-D_FORTIFY_SOURCE=2
+else
+override CFLAGS += -Wunused-command-line-argument
+override LDFLAGS += -L/opt/local/lib -undefined dynamic_lookup
+LD_SONAME_FLAGS=-install_name,$(LIBSO)
+endif
+
+ifeq ($(OS), Darwin)
+override CFLAGS += -I/opt/local/include
+override LDFLAGS += -L/opt/local/lib -undefined dynamic_lookup
+endif
+
 PCRE_LDFLAGS ?= -lpcre
 
 override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
@@ -84,7 +100,7 @@ DISABLE_FLAGS+= -DNO_MEDIA_BACKEND -DNO_DB_BACKEND -DNO_X_BACKEND \
 	-DBUILD_HOST
 SRCS= callbacks.c freecon.c label.c label_file.c \
 	label_backends_android.c regex.c label_support.c \
-	matchpathcon.c setrans_client.c sha1.c
+	matchpathcon.c setrans_client.c sha1.c booleans.c
 else
 DISABLE_FLAGS+= -DNO_ANDROID_BACKEND
 SRCS:= $(filter-out label_backends_android.c, $(SRCS))
@@ -117,7 +133,7 @@ $(LIBA): $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS)
-	$(CC) $(CFLAGS) -shared -o $@ $^ $(PCRE_LDFLAGS) -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+	$(CC) $(CFLAGS) -shared -o $@ $^ $(PCRE_LDFLAGS) -ldl $(LDFLAGS) -L$(LIBDIR) -Wl,$(LD_SONAME_FLAGS)
 	ln -sf $@ $(TARGET) 
 
 $(LIBPC): $(LIBPC).in ../VERSION

libselinux/src/booleans.c

@@ -5,6 +5,8 @@
  *   Dan Walsh <dwalsh@redhat.com> - Added security_load_booleans().
  */
 
+#ifndef DISABLE_BOOL
+
 #include <assert.h>
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -25,8 +27,6 @@
 
 #define SELINUX_BOOL_DIR "/booleans/"
 
-#ifndef DISABLE_BOOL
-
 static int filename_select(const struct dirent *d)
 {
 	if (d->d_name[0] == '.'
@@ -561,6 +561,10 @@ int security_load_booleans(char *path)
 }
 
 #else
+
+#include <stdlib.h>
+#include "selinux_internal.h"
+
 int security_set_boolean_list(size_t boolcnt __attribute__((unused)),
 	SELboolean * boollist __attribute__((unused)),
 	int permanent __attribute__((unused)))

libselinux/src/label_internal.h

@@ -16,8 +16,8 @@
 #include "dso.h"
 #include "sha1.h"
 
-#ifdef ANDROID
-// Android does not have fgets_unlocked()
+#if defined(ANDROID) || defined(__APPLE__)
+// Android and Mac do not have fgets_unlocked()
 #define fgets_unlocked(buf, size, fp) fgets(buf, size, fp)
 #endif
 

libselinux/src/sha1.c

@@ -8,8 +8,14 @@
 //  Modified by WaterJuice retaining Public Domain license.
 //
 //  This is free and unencumbered software released into the public domain - June 2013 waterjuice.org
-//  Modified to stop symbols being exported for libselinux shared library - October 2015
+//  Modified to:
+//    - stop symbols being exported for libselinux shared library - October 2015
 //								       Richard Haines <richard_c_haines@btinternet.com>
+//    - Not cast the workspace from a byte array to a CHAR64LONG16 due to allignment isses.
+//      Fixes:
+//        sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
+//             CHAR64LONG16*       block = (CHAR64LONG16*) workspace;
+//                                                                     William Roberts <william.c.roberts@intel.com>
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@@ -69,8 +75,8 @@ void
     uint32_t            c;
     uint32_t            d;
     uint32_t            e;
-    uint8_t             workspace[64];
-    CHAR64LONG16*       block = (CHAR64LONG16*) workspace;
+    CHAR64LONG16        workspace;
+    CHAR64LONG16*       block = &workspace;
 
     memcpy( block, buffer, 64 );
 

libselinux/utils/Makefile

@@ -8,22 +8,35 @@ INCLUDEDIR ?= $(PREFIX)/include
 MAX_STACK_SIZE=8192
 CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissing-include-dirs \
           -Wunused -Wunknown-pragmas -Wstrict-aliasing -Wshadow -Wpointer-arith \
-          -Wbad-function-cast -Wcast-align -Wwrite-strings -Wlogical-op -Waggregate-return \
+          -Wbad-function-cast -Wcast-align -Wwrite-strings -Waggregate-return \
           -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \
           -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \
           -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \
-          -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \
-          -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \
+          -Wdisabled-optimization -Wbuiltin-macro-redefined \
+          -Wattributes -Wmultichar \
           -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \
-          -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
-          -Wnormalized=nfc -Woverflow -Wpointer-to-int-cast -Wpragmas -Wsuggest-attribute=const \
-          -Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines \
-          -Wno-missing-field-initializers -Wno-sign-compare -Wjump-misses-init \
+          -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \
+          -Woverflow -Wpointer-to-int-cast -Wpragmas \
+          -Wno-missing-field-initializers -Wno-sign-compare \
           -Wno-format-nonliteral -Wframe-larger-than=$(MAX_STACK_SIZE) -Wp,-D_FORTIFY_SOURCE=2 \
           -fstack-protector-all --param=ssp-buffer-size=4 -fexceptions \
           -fasynchronous-unwind-tables -fdiagnostics-show-option -funit-at-a-time \
-          -fipa-pure-const -Wno-suggest-attribute=pure -Wno-suggest-attribute=const \
           -Werror -Wno-aggregate-return -Wno-redundant-decls
+
+LD_SONAME_FLAGS=-soname,$(LIBSO),-z,defs,-z,relro
+
+ifeq ($(COMPILER), gcc)
+override CFLAGS += -fipa-pure-const -Wpacked-bitfield-compat -Wsync-nand -Wcoverage-mismatch \
+	-Wcpp -Wformat-contains-nul -Wnormalized=nfc -Wsuggest-attribute=const \
+	-Wsuggest-attribute=noreturn -Wsuggest-attribute=pure -Wtrampolines -Wjump-misses-init \
+	-Wno-suggest-attribute=pure -Wno-suggest-attribute=const
+endif
+
+ifeq ($(OS), Darwin)
+override CFLAGS += -I/opt/local/include -I../../libsepol/include
+override LDFLAGS += -L../../libsepol/src -undefined dynamic_lookup
+endif
+
 override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE $(DISABLE_FLAGS) $(PCRE_CFLAGS)
 LDLIBS += -L../src -lselinux -L$(LIBDIR)
 PCRE_LDFLAGS ?= -lpcre

libselinux/utils/sefcontext_compile.c

@@ -266,7 +266,7 @@ static void free_specs(struct saved_data *data)
 	memset(data, 0, sizeof(*data));
 }
 
-static void usage(const char *progname)
+static __attribute__ ((__noreturn__)) void usage(const char *progname)
 {
 	fprintf(stderr,
 	    "usage: %s [-o out_file] [-p policy_file] fc_file\n"

libsemanage/ChangeLog

@@ -1,7 +1,10 @@
+	* genhomedircon: only set MLS level if MLS is enabled, from Stephen Smalley.
+
+2.6 2016-10-14
+	* genhomedircon: do not suppress logging from libsepol, from Stephen Smaley.
+	* genhomedircon: use userprefix as the role for homedir, from Gary Tierney.
 	* Fix linker scripts / map files, from Stephen Smalley.
 	* Fix bug preventing the installation of base modules, from James Carter.
-
-2.6-rc1 2016-09-30
 	* make distclean target work, from Nicolas Iooss.
 	* Do not always print a module name warning, from Miroslav Grepl.
 	* Use pp module name instead of filename when installing module, from Petr Lautrbach.

libsemanage/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6

libsemanage/src/genhomedircon.c

@@ -100,6 +100,7 @@ typedef struct user_entry {
 	char *home;
 	char *level;
 	char *login;
+	char *homedir_role;
 	struct user_entry *next;
 } genhomedircon_user_entry_t;
 
@@ -177,6 +178,13 @@ static int ignore(const char *homedir) {
 	return 0;
 }
 
+static int prefix_is_homedir_role(const semanage_user_t *user,
+				  const char *prefix)
+{
+	return strcmp(OBJECT_R, prefix) == 0 ||
+		semanage_user_has_role(user, prefix);
+}
+
 static semanage_list_t *default_shell_list(void)
 {
 	semanage_list_t *list = NULL;
@@ -565,11 +573,8 @@ static int check_line(genhomedircon_settings_t * s, Ustr *line)
 	result = sepol_context_from_string(s->h_semanage->sepolh,
 					   ctx_str, &ctx_record);
 	if (result == STATUS_SUCCESS && ctx_record != NULL) {
-		sepol_msg_set_callback(s->h_semanage->sepolh, NULL, NULL);
 		result = sepol_context_check(s->h_semanage->sepolh,
 					     s->policydb, ctx_record);
-		sepol_msg_set_callback(s->h_semanage->sepolh,
-				       semanage_msg_relay_handler, s->h_semanage);
 		sepol_context_free(ctx_record);
 	}
 	return result;
@@ -633,11 +638,20 @@ static int write_contexts(genhomedircon_settings_t *s, FILE *out,
 			goto fail;
 		}
 
-		if (sepol_context_set_user(sepolh, context, user->sename) < 0 ||
+		if (sepol_context_set_user(sepolh, context, user->sename) < 0) {
+			goto fail;
+		}
+
+		if (sepol_policydb_mls_enabled(s->policydb) &&
 		    sepol_context_set_mls(sepolh, context, user->level) < 0) {
 			goto fail;
 		}
 
+		if (user->homedir_role &&
+		    sepol_context_set_role(sepolh, context, user->homedir_role) < 0) {
+			goto fail;
+		}
+
 		if (sepol_context_to_string(sepolh, context,
 					    &new_context_str) < 0) {
 			goto fail;
@@ -756,7 +770,7 @@ static int name_user_cmp(char *key, semanage_user_t ** val)
 static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
 			   const char *u, const char *g, const char *sen,
 			   const char *pre, const char *h, const char *l,
-			   const char *ln)
+			   const char *ln, const char *hd_role)
 {
 	genhomedircon_user_entry_t *temp = NULL;
 	char *name = NULL;
@@ -767,6 +781,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
 	char *home = NULL;
 	char *level = NULL;
 	char *lname = NULL;
+	char *homedir_role = NULL;
 
 	temp = malloc(sizeof(genhomedircon_user_entry_t));
 	if (!temp)
@@ -795,6 +810,11 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
 	lname = strdup(ln);
 	if (!lname)
 		goto cleanup;
+	if (hd_role) {
+		homedir_role = strdup(hd_role);
+		if (!homedir_role)
+			goto cleanup;
+	}
 
 	temp->name = name;
 	temp->uid = uid;
@@ -804,6 +824,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
 	temp->home = home;
 	temp->level = level;
 	temp->login = lname;
+	temp->homedir_role = homedir_role;
 	temp->next = (*list);
 	(*list) = temp;
 
@@ -818,6 +839,7 @@ static int push_user_entry(genhomedircon_user_entry_t ** list, const char *n,
 	free(home);
 	free(level);
 	free(lname);
+	free(homedir_role);
 	free(temp);
 	return STATUS_ERR;
 }
@@ -839,6 +861,7 @@ static void pop_user_entry(genhomedircon_user_entry_t ** list)
 	free(temp->home);
 	free(temp->level);
 	free(temp->login);
+	free(temp->homedir_role);
 	free(temp);
 }
 
@@ -852,6 +875,7 @@ static int setup_fallback_user(genhomedircon_settings_t * s)
 	const char *seuname = NULL;
 	const char *prefix = NULL;
 	const char *level = NULL;
+	const char *homedir_role = NULL;
 	unsigned int i;
 	int retval;
 	int errors = 0;
@@ -886,10 +910,14 @@ static int setup_fallback_user(genhomedircon_settings_t * s)
 					level = FALLBACK_LEVEL;
 			}
 
+			if (prefix_is_homedir_role(u, prefix)) {
+				homedir_role = prefix;
+			}
+
 			if (push_user_entry(&(s->fallback), FALLBACK_NAME,
 					    FALLBACK_UIDGID, FALLBACK_UIDGID,
 					    seuname, prefix, "", level,
-					    FALLBACK_NAME) != 0)
+					    FALLBACK_NAME, homedir_role) != 0)
 				errors = STATUS_ERR;
 			semanage_user_key_free(key);
 			if (u)
@@ -946,6 +974,7 @@ static int add_user(genhomedircon_settings_t * s,
 	struct passwd pwstorage, *pwent = NULL;
 	const char *prefix = NULL;
 	const char *level = NULL;
+	const char *homedir_role = NULL;
 	char uid[11];
 	char gid[11];
 
@@ -969,6 +998,10 @@ static int add_user(genhomedircon_settings_t * s,
 		level = FALLBACK_LEVEL;
 	}
 
+	if (prefix_is_homedir_role(user, prefix)) {
+		homedir_role = prefix;
+	}
+
 	retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
 	if (retval != 0 || pwent == NULL) {
 		if (retval != 0 && retval != ENOENT) {
@@ -1010,7 +1043,7 @@ static int add_user(genhomedircon_settings_t * s,
 	}
 
 	retval = push_user_entry(head, name, uid, gid, sename, prefix,
-				pwent->pw_dir, level, selogin);
+				pwent->pw_dir, level, selogin, homedir_role);
 cleanup:
 	free(rbuf);
 	return retval;

libsepol/ChangeLog

@@ -1,9 +1,13 @@
+	* cil: Add support for multiple strpool users, from Daniel Cashman.
+	* Fix bugs found by Nicolas Iooss by fuzzing secilc with AFL, from James Carter.
+	* build on mac, from William Roberts.
+	* cil: disable symver on Mac builds, from William Roberts.
+
+2.6 2016-10-14
 	* Fix linker scripts / map files, from Stephen Smalley.
 	* Fix bugs found by fuzzing secilc with AFL, from Nicolas Iooss.
 	* Add support for converting extended permissions to CIL, from James Carter.
 	* Create user and role caches when building binary policy, from Gary Tierney.
-
-2.6-rc1 2016-09-30
 	* Remove Android.mk files and only keep them in Android tree, from Bowgo Tsai.
 	* Check for too many permissions in classes and commons in CIL, from James Carter.
 	* Fix xperm mapping between avrule and avtab, from Jeff Vander Stoep.

libsepol/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6

libsepol/cil/src/cil_build_ast.c

@@ -482,6 +482,10 @@ int cil_gen_perm(struct cil_db *db, struct cil_tree_node *parse_current, struct
 	cil_perm_init(&perm);
 
 	key = parse_current->data;
+	if (key == NULL) {
+		cil_log(CIL_ERR, "Bad permission\n");
+		goto exit;
+	}
 
 	rc = cil_gen_node(db, ast_node, (struct cil_symtab_datum*)perm, (hashtab_key_t)key, CIL_SYM_PERMS, flavor);
 	if (rc != SEPOL_OK) {
@@ -529,6 +533,7 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st
 
 		rc = cil_gen_perm(db, current_perm, new_ast, flavor, num_perms);
 		if (rc != SEPOL_OK) {
+			cil_tree_node_destroy(&new_ast);
 			goto exit;
 		}
 
@@ -546,6 +551,8 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st
 
 exit:
 	cil_log(CIL_ERR, "Bad permissions\n");
+	cil_tree_children_destroy(ast_node);
+	cil_clear_node(ast_node);
 	return rc;
 }
 

libsepol/cil/src/cil_post.c

@@ -865,13 +865,7 @@ static int __evaluate_cat_expression(struct cil_cats *cats, struct cil_db *db)
 
 	ebitmap_destroy(&bitmap);
 	cil_list_destroy(&cats->datum_expr, CIL_FALSE);
-	if (new->head != NULL) { 
-		cats->datum_expr = new;
-	} else {
-		/* empty list */
-		cil_list_destroy(&new, CIL_FALSE);
-		cats->datum_expr = NULL;
-	}
+	cats->datum_expr = new;
 
 	cats->evaluated = CIL_TRUE;
 
@@ -952,6 +946,11 @@ static int __cil_cat_expr_range_to_bitmap_helper(struct cil_list_item *i1, struc
 		c2 = alias->actual;
 	}
 
+	if (c1->value > c2->value) {
+		cil_log(CIL_ERR, "Invalid category range\n");
+		goto exit;
+	}
+
 	for (i = c1->value; i <= c2->value; i++) {
 		if (ebitmap_set_bit(bitmap, i, 1)) {
 			cil_log(CIL_ERR, "Failed to set cat bit\n");

libsepol/cil/src/cil_resolve_ast.c

@@ -131,7 +131,11 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab,
 				}
 			}
 			if (rc != SEPOL_OK) {
+				struct cil_list *empty_list;
 				cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data);
+				/* Use an empty list to represent unknown perm */
+				cil_list_init(&empty_list, perm_strs->flavor);
+				cil_list_append(*perm_datums, CIL_LIST, empty_list);
 			} else {
 				cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
 			}
@@ -448,7 +452,7 @@ exit:
 	return rc;
 }
 
-int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enum cil_flavor flavor)
+int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enum cil_flavor flavor, enum cil_flavor alias_flavor)
 {
 	int rc = SEPOL_ERR;
 	enum cil_sym_index sym_index;
@@ -461,10 +465,15 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
+
 	rc = cil_resolve_name(current, aliasactual->alias_str, sym_index, extra_args, &alias_datum);
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
+	if (NODE(alias_datum)->flavor != alias_flavor) {
+		cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name);
+		goto exit;
+	}
 
 	rc = cil_resolve_name(current, aliasactual->actual_str, sym_index, extra_args, &actual_datum);
 	if (rc != SEPOL_OK) {
@@ -2459,7 +2468,7 @@ exit:
 }
 
 
-int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil_flavor flavor)
+int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil_flavor flavor, enum cil_flavor attr_flavor)
 {
 	int rc = SEPOL_ERR;
 	struct cil_bounds *bounds = current->data;
@@ -2476,19 +2485,29 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
+	if (NODE(parent_datum)->flavor == attr_flavor) {
+		cil_log(CIL_ERR, "Bounds parent %s is an attribute\n", bounds->parent_str);
+		rc = SEPOL_ERR;
+		goto exit;
+	}
+
 
 	rc = cil_resolve_name(current, bounds->child_str, index, extra_args, &child_datum);
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
+	if (NODE(child_datum)->flavor == attr_flavor) {
+		cil_log(CIL_ERR, "Bounds child %s is an attribute\n", bounds->child_str);
+		rc = SEPOL_ERR;
+		goto exit;
+	}
 
 	switch (flavor) {
 	case CIL_USER: {
 		struct cil_user *user = (struct cil_user *)child_datum;
 
 		if (user->bounds != NULL) {
-			struct cil_tree_node *node = user->bounds->datum.nodes->head->data;
-			cil_tree_log(node, CIL_ERR, "User %s already bound by parent", bounds->child_str);
+			cil_tree_log(NODE(user->bounds), CIL_ERR, "User %s already bound by parent", bounds->child_str);
 			rc = SEPOL_ERR;
 			goto exit;
 		}
@@ -2500,8 +2519,7 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil
 		struct cil_role *role = (struct cil_role *)child_datum;
 
 		if (role->bounds != NULL) {
-			struct cil_tree_node *node = role->bounds->datum.nodes->head->data;
-			cil_tree_log(node, CIL_ERR, "Role %s already bound by parent", bounds->child_str);
+			cil_tree_log(NODE(role->bounds), CIL_ERR, "Role %s already bound by parent", bounds->child_str);
 			rc = SEPOL_ERR;
 			goto exit;
 		}
@@ -2511,26 +2529,9 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil
 	}
 	case CIL_TYPE: {
 		struct cil_type *type = (struct cil_type *)child_datum;
-		struct cil_tree_node *node = NULL;
 
 		if (type->bounds != NULL) {
-			node = ((struct cil_symtab_datum *)type->bounds)->nodes->head->data;
-			cil_tree_log(node, CIL_ERR, "Type %s already bound by parent", bounds->child_str);
-			cil_tree_log(current, CIL_ERR, "Now being bound to parent %s", bounds->parent_str);
-			rc = SEPOL_ERR;
-			goto exit;
-		}
-
-		node = parent_datum->nodes->head->data;
-		if (node->flavor == CIL_TYPEATTRIBUTE) {
-			cil_log(CIL_ERR, "Bounds parent %s is an attribute\n", bounds->parent_str);
-			rc = SEPOL_ERR;
-			goto exit;
-		}
-
-		node = child_datum->nodes->head->data;
-		if (node->flavor == CIL_TYPEATTRIBUTE) {
-			cil_log(CIL_ERR, "Bounds child %s is an attribute\n", bounds->child_str);
+			cil_tree_log(NODE(type->bounds), CIL_ERR, "Type %s already bound by parent", bounds->child_str);
 			rc = SEPOL_ERR;
 			goto exit;
 		}
@@ -3361,13 +3362,13 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args)
 	case CIL_PASS_ALIAS1:
 		switch (node->flavor) {
 		case CIL_TYPEALIASACTUAL:
-			rc = cil_resolve_aliasactual(node, args, CIL_TYPE);
+			rc = cil_resolve_aliasactual(node, args, CIL_TYPE, CIL_TYPEALIAS);
 			break;
 		case CIL_SENSALIASACTUAL:
-			rc = cil_resolve_aliasactual(node, args, CIL_SENS);
+			rc = cil_resolve_aliasactual(node, args, CIL_SENS, CIL_SENSALIAS);
 			break;
 		case CIL_CATALIASACTUAL:
-			rc = cil_resolve_aliasactual(node, args, CIL_CAT);
+			rc = cil_resolve_aliasactual(node, args, CIL_CAT, CIL_CATALIAS);
 			break;
 		default: 
 			break;
@@ -3436,7 +3437,7 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args)
 			rc = cil_resolve_typeattributeset(node, args);
 			break;
 		case CIL_TYPEBOUNDS:
-			rc = cil_resolve_bounds(node, args, CIL_TYPE);
+			rc = cil_resolve_bounds(node, args, CIL_TYPE, CIL_TYPEATTRIBUTE);
 			break;
 		case CIL_TYPEPERMISSIVE:
 			rc = cil_resolve_typepermissive(node, args);
@@ -3473,7 +3474,7 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args)
 			rc = cil_resolve_userrange(node, args);
 			break;
 		case CIL_USERBOUNDS:
-			rc = cil_resolve_bounds(node, args, CIL_USER);
+			rc = cil_resolve_bounds(node, args, CIL_USER, CIL_USERATTRIBUTE);
 			break;
 		case CIL_USERPREFIX:
 			rc = cil_resolve_userprefix(node, args);
@@ -3495,7 +3496,7 @@ int __cil_resolve_ast_node(struct cil_tree_node *node, void *extra_args)
 			rc = cil_resolve_roleallow(node, args);
 			break;
 		case CIL_ROLEBOUNDS:
-			rc = cil_resolve_bounds(node, args, CIL_ROLE);
+			rc = cil_resolve_bounds(node, args, CIL_ROLE, CIL_ROLEATTRIBUTE);
 			break;
 		case CIL_LEVEL:
 			rc = cil_resolve_level(node, (struct cil_level*)node->data, args);

libsepol/cil/src/cil_strpool.c

@@ -27,6 +27,7 @@
  * either expressed or implied, of Tresys Technology, LLC.
  */
 
+#include <pthread.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
@@ -40,6 +41,8 @@ struct cil_strpool_entry {
 	char *str;
 };
 
+static pthread_mutex_t cil_strpool_mutex = PTHREAD_MUTEX_INITIALIZER;
+static unsigned int cil_strpool_readers = 0;
 static hashtab_t cil_strpool_tab = NULL;
 
 static unsigned int cil_strpool_hash(hashtab_t h, hashtab_key_t key)
@@ -68,16 +71,21 @@ char *cil_strpool_add(const char *str)
 {
 	struct cil_strpool_entry *strpool_ref = NULL;
 
+	pthread_mutex_lock(&cil_strpool_mutex);
+
 	strpool_ref = hashtab_search(cil_strpool_tab, (hashtab_key_t)str);
 	if (strpool_ref == NULL) {
 		strpool_ref = cil_malloc(sizeof(*strpool_ref));
 		strpool_ref->str = cil_strdup(str);
 		int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
 		if (rc != SEPOL_OK) {
+			pthread_mutex_unlock(&cil_strpool_mutex);
 			(*cil_mem_error_handler)();
+			pthread_mutex_lock(&cil_strpool_mutex);
 		}
 	}
 
+	pthread_mutex_unlock(&cil_strpool_mutex);
 	return strpool_ref->str;
 }
 
@@ -91,14 +99,26 @@ static int cil_strpool_entry_destroy(hashtab_key_t k __attribute__ ((unused)), h
 
 void cil_strpool_init(void)
 {
-	cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
+	pthread_mutex_lock(&cil_strpool_mutex);
 	if (cil_strpool_tab == NULL) {
-		(*cil_mem_error_handler)();
+		cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
+		if (cil_strpool_tab == NULL) {
+			pthread_mutex_unlock(&cil_strpool_mutex);
+			(*cil_mem_error_handler)();
+			return;
+		}
 	}
+	cil_strpool_readers++;
+	pthread_mutex_unlock(&cil_strpool_mutex);
 }
 
 void cil_strpool_destroy(void)
 {
-	hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
-	hashtab_destroy(cil_strpool_tab);
+	pthread_mutex_lock(&cil_strpool_mutex);
+	cil_strpool_readers--;
+	if (cil_strpool_readers == 0) {
+		hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
+		hashtab_destroy(cil_strpool_tab);
+	}
+	pthread_mutex_unlock(&cil_strpool_mutex);
 }

libsepol/cil/src/cil_verify.c

@@ -50,9 +50,15 @@
 int __cil_verify_name(const char *name)
 {
 	int rc = SEPOL_ERR;
-	int len = strlen(name);
+	int len;
 	int i = 0;
 
+	if (name == NULL) {
+		cil_log(CIL_ERR, "Name is NULL\n");
+		goto exit;
+	}
+
+	len = strlen(name);
 	if (len >= CIL_MAX_NAME_LENGTH) {
 		cil_log(CIL_ERR, "Name length greater than max name length of %d", 
 			CIL_MAX_NAME_LENGTH);

libsepol/cil/src/dso.h

@@ -1,7 +1,7 @@
 #ifndef _SEPOL_DSO_H
 #define _SEPOL_DSO_H	1
 
-#if !defined(SHARED) || defined(ANDROID)
+#if !defined(SHARED) || defined(ANDROID) || defined(__APPLE__)
     #define DISABLE_SYMVER 1
 #endif
 

libsepol/src/Makefile

@@ -30,6 +30,13 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(sort $(wildcard $(CILDIR)/src/*.c)) $(CIL_
 override CFLAGS += -I$(CILDIR)/include
 endif
 
+LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs
+
+OS := $(shell uname)
+ifeq ($(OS), Darwin)
+LD_SONAME_FLAGS=-install_name,$(LIBSO)
+LDFLAGS += -undefined dynamic_lookup
+endif
 
 all: $(LIBA) $(LIBSO) $(LIBPC)
 
@@ -39,7 +46,7 @@ $(LIBA):  $(OBJS)
 	$(RANLIB) $@
 
 $(LIBSO): $(LOBJS) $(LIBMAP)
-	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $(LOBJS) -Wl,-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs
+	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $(LOBJS) -Wl,$(LD_SONAME_FLAGS)
 	ln -sf $@ $(TARGET) 
 
 $(LIBPC): $(LIBPC).in ../VERSION

policycoreutils/ChangeLog

@@ -1,4 +1,4 @@
-2.6-rc1 2016-09-30
+2.6 2016-10-14
 	* setfiles: reverse the sense of -D option, from Stephen Smalley.
 	* setfiles ignore restorecon_xattr in git, from Nicolas Iooss.
 	* sandbox: Use dbus-run-session instead of dbus-launch when available, from Laurent Bigonville.

policycoreutils/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6

scripts/release

@@ -1,6 +1,13 @@
 #!/bin/bash
 
-DEST=../selinux-$(date '+%Y%m%d')
+PWD=`pwd`
+WIKIDIR=../selinux.wiki
+
+if [ \! -d $WIKIDIR ]; then
+    git clone git@github.com:SELinuxProject/selinux.wiki.git $WIKIDIR
+fi
+
+DEST=$WIKIDIR/files/releases/$(date '+%Y%m%d')
 DIRS="libsepol libselinux libsemanage policycoreutils checkpolicy secilc sepolgen"
 
 git tag -a $(date '+%Y%m%d') -m "Release $(date '+%Y%m%d')"
@@ -19,7 +26,9 @@ done
 
 cd $DEST
 
-echo "Copy *.tar.gz from $DEST to the server and add the following to the Releases wiki page:"
+git add .
+
+echo "Add the following to the $WIKIDIR/Releases.md wiki page:"
 
 echo ""
 
@@ -31,3 +40,13 @@ for i in *.tar.gz; do
 	sha256sum $i | cut -d " " -f 1
 	echo ""
 done
+
+echo "And then run:"
+echo "  cd $WIKIDIR"
+echo "  git commit  -m \"Release $(date '+%Y%m%d')\" -a -s"
+echo "  git push"
+
+echo ""
+echo "Push the release and its tags to git via:"
+echo "  git push"
+echo "  git push --tags"

secilc/ChangeLog

@@ -1,4 +1,4 @@
-2.6-rc1 2016-09-30
+2.6 2016-10-14
 	* secilc: correct include path of cil.h for Android, from Bowgo Tsai.
 	* Remove Android.mk files and only keep them in Android tree, from Bowgo Tsai.
 	* Add documentation and test rule for portcon dccp protocol, from Richard Haines

secilc/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6

sepolgen/ChangeLog

@@ -1,4 +1,4 @@
-2.6-rc1 2016-09-30
+2.6 2016-10-14
 	* Remove additional files when cleaning, from Nicolas Iooss.
 	* Add support for TYPEBOUNDS statement in INTERFACE policy files, from Miroslav Grepl.
 

sepolgen/VERSION

@@ -1 +1 @@
-2.6-rc1
+2.6