From a27dc971cacc3997744515efc94fbe00ac521907 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 9 Nov 2022 11:53:28 +0100 Subject: [PATCH 01/39] python: Fix typo in audit2allow.1 example Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/audit2allow/audit2allow.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/audit2allow/audit2allow.1 b/python/audit2allow/audit2allow.1 index c61067b3..04ec3239 100644 --- a/python/audit2allow/audit2allow.1 +++ b/python/audit2allow/audit2allow.1 @@ -151,7 +151,7 @@ policy_module(local, 1.0) gen_require(` type myapp_t; type etc_t; - }; +\[aq]) files_read_etc_files(myapp_t) From d3c6828a6a7de498593433f59d13de5ef680383a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 9 Nov 2022 21:09:37 +0100 Subject: [PATCH 02/39] libselinux: simplify string copying MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use strdup(3)/strndup(3) instead of allocating memory and then manually copying the content. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/context.c | 11 +++++------ libselinux/src/get_default_type.c | 3 +-- libselinux/src/matchpathcon.c | 9 +++------ libselinux/utils/selabel_lookup_best_match.c | 10 ++++------ 4 files changed, 13 insertions(+), 20 deletions(-) diff --git a/libselinux/src/context.c b/libselinux/src/context.c index 9dddbc5a..8830bf42 100644 --- a/libselinux/src/context.c +++ b/libselinux/src/context.c @@ -149,19 +149,18 @@ static int set_comp(context_private_t * n, int idx, const char *str) char *t = NULL; const char *p; if (str) { - t = (char *)malloc(strlen(str) + 1); - if (!t) { - return -1; - } for (p = str; *p; p++) { if (*p == '\t' || *p == '\n' || *p == '\r' || ((*p == ':' || *p == ' ') && idx != COMP_RANGE)) { - free(t); errno = EINVAL; return -1; } } - strcpy(t, str); + + t = strdup(str); + if (!t) { + return -1; + } } conditional_free(&n->component[idx]); n->component[idx] = t; diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_type.c index dd7b5d79..766ea4b7 100644 --- a/libselinux/src/get_default_type.c +++ b/libselinux/src/get_default_type.c @@ -62,10 +62,9 @@ static int find_default_type(FILE * fp, const char *role, char **type) return -1; } - t = malloc(strlen(buf) - len); + t = strndup(ptr, strlen(buf) - len - 1); if (!t) return -1; - strcpy(t, ptr); *type = t; return 0; } diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c index ea78a23e..bf2da083 100644 --- a/libselinux/src/matchpathcon.c +++ b/libselinux/src/matchpathcon.c @@ -215,10 +215,9 @@ int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) if (ret < 0 || sb.st_ino != ino) { fl->specind = specind; free(fl->file); - fl->file = malloc(strlen(file) + 1); + fl->file = strdup(file); if (!fl->file) goto oom; - strcpy(fl->file, file); return fl->specind; } @@ -232,10 +231,9 @@ int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) __FUNCTION__, file, fl->file, con_array[fl->specind]); free(fl->file); - fl->file = malloc(strlen(file) + 1); + fl->file = strdup(file); if (!fl->file) goto oom; - strcpy(fl->file, file); return fl->specind; } @@ -248,10 +246,9 @@ int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) goto oom; fl->ino = ino; fl->specind = specind; - fl->file = malloc(strlen(file) + 1); + fl->file = strdup(file); if (!fl->file) goto oom_freefl; - strcpy(fl->file, file); fl->next = prevfl->next; prevfl->next = fl; return fl->specind; diff --git a/libselinux/utils/selabel_lookup_best_match.c b/libselinux/utils/selabel_lookup_best_match.c index a4af0679..e816c04b 100644 --- a/libselinux/utils/selabel_lookup_best_match.c +++ b/libselinux/utils/selabel_lookup_best_match.c @@ -30,7 +30,7 @@ static __attribute__ ((__noreturn__)) void usage(const char *progname) exit(1); } -static mode_t string_to_mode(char *s) +static mode_t string_to_mode(const char *s) { switch (s[0]) { case 'b': @@ -53,7 +53,7 @@ static mode_t string_to_mode(char *s) int main(int argc, char **argv) { - int raw = 0, mode = 0, rc, opt, i, num_links, string_len; + int raw = 0, mode = 0, rc, opt, i, num_links; char *validate = NULL, *path = NULL, *context = NULL, *file = NULL; char **links = NULL; @@ -101,13 +101,11 @@ int main(int argc, char **argv) } for (i = optind, num_links = 0; i < argc; i++, num_links++) { - string_len = strlen(argv[i]) + 1; - links[num_links] = malloc(string_len); + links[num_links] = strdup(argv[i]); if (!links[num_links]) { - fprintf(stderr, "ERROR: malloc failed.\n"); + fprintf(stderr, "ERROR: strdup failed.\n"); exit(1); } - strcpy(links[num_links], argv[i]); } } From aaaed69911f96e0e8120a84ff5cc5610bfbbb041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 9 Nov 2022 21:09:38 +0100 Subject: [PATCH 03/39] checkpolicy: simplify string copying MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use strdup(3) instead of allocating memory and then manually copying the content. Signed-off-by: Christian Göttsche Acked-by: James Carter --- checkpolicy/checkpolicy.c | 10 ++++------ checkpolicy/policy_define.c | 3 +-- checkpolicy/test/dispol.c | 5 ++--- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 926ce72c..48c31261 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -1148,12 +1148,11 @@ int main(int argc, char **argv) FGETS(ans, sizeof(ans), stdin); ans[strlen(ans) - 1] = 0; - name = malloc((strlen(ans) + 1) * sizeof(char)); + name = strdup(ans); if (name == NULL) { - fprintf(stderr, "couldn't malloc string.\n"); + fprintf(stderr, "couldn't strdup string.\n"); break; } - strcpy(name, ans); printf("state? "); FGETS(ans, sizeof(ans), stdin); @@ -1296,12 +1295,11 @@ int main(int argc, char **argv) FGETS(ans, sizeof(ans), stdin); ans[strlen(ans) - 1] = 0; - name = malloc((strlen(ans) + 1) * sizeof(char)); + name = strdup(ans); if (!name) { - fprintf(stderr, "couldn't malloc string.\n"); + fprintf(stderr, "couldn't strdup string.\n"); break; } - strcpy(name, ans); printf("port? "); FGETS(ans, sizeof(ans), stdin); diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 54bb304b..41e44631 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -117,12 +117,11 @@ int insert_id(const char *id, int push) char *newid = 0; int error; - newid = (char *)malloc(strlen(id) + 1); + newid = strdup(id); if (!newid) { yyerror("out of memory"); return -1; } - strcpy(newid, id); if (push) error = queue_push(id_queue, (queue_element_t) newid); else diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c index 8ddefb04..36a3362c 100644 --- a/checkpolicy/test/dispol.c +++ b/checkpolicy/test/dispol.c @@ -486,12 +486,11 @@ int main(int argc, char **argv) } ans[strlen(ans) - 1] = 0; - name = malloc((strlen(ans) + 1) * sizeof(char)); + name = strdup(ans); if (name == NULL) { - fprintf(stderr, "couldn't malloc string.\n"); + fprintf(stderr, "couldn't strdup string.\n"); break; } - strcpy(name, ans); printf("state? "); if (fgets(ans, sizeof(ans), stdin) == NULL) { From 06df37782955863df3f5f4beeb7c45c1bbea0c18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 9 Nov 2022 21:09:39 +0100 Subject: [PATCH 04/39] libsepol: simplify string copying MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use strdup(3) instead of allocating memory and then manually copying the content. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/src/policydb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 8a65df05..b79c19b9 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -776,12 +776,11 @@ static int roles_init(policydb_t * p) rc = -ENOMEM; goto out; } - key = malloc(strlen(OBJECT_R) + 1); + key = strdup(OBJECT_R); if (!key) { rc = -ENOMEM; goto out_free_role; } - strcpy(key, OBJECT_R); rc = symtab_insert(p, SYM_ROLES, key, role, (p->policy_type == POLICY_MOD ? SCOPE_REQ : SCOPE_DECL), 1, From cd5de9230db5451a594440b3f8402ac41c65226a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 9 Nov 2022 21:17:01 +0100 Subject: [PATCH 05/39] libselinux: drop set but not used internal variable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The internal variable avc_netlink_trouble is only assigned but never read from. Unused since the initial commit 13cd4c896068 ("initial import from svn trunk revision 2950"). Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/avc_internal.c | 2 -- libselinux/src/avc_internal.h | 3 --- libselinux/src/sestatus.c | 1 - 3 files changed, 6 deletions(-) diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c index 71a1357b..ffc663e5 100644 --- a/libselinux/src/avc_internal.c +++ b/libselinux/src/avc_internal.c @@ -51,7 +51,6 @@ char avc_prefix[AVC_PREFIX_SIZE] = "uavc"; int avc_running = 0; int avc_enforcing = 1; int avc_setenforce = 0; -int avc_netlink_trouble = 0; /* process setenforce events for netlink and sestatus */ int avc_process_setenforce(int enforcing) @@ -295,7 +294,6 @@ void avc_netlink_loop(void) close(fd); fd = -1; - avc_netlink_trouble = 1; avc_log(SELINUX_ERROR, "%s: netlink thread: errors encountered, terminating\n", avc_prefix); diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h index a9a4aa0b..54f0ce28 100644 --- a/libselinux/src/avc_internal.h +++ b/libselinux/src/avc_internal.h @@ -180,7 +180,4 @@ int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, security_class_t tclass, access_vector_t perms, uint32_t seqno, uint32_t enable) ; -/* netlink kernel message code */ -extern int avc_netlink_trouble ; - #endif /* _SELINUX_AVC_INTERNAL_H_ */ diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c index 89c1f621..fbe64301 100644 --- a/libselinux/src/sestatus.c +++ b/libselinux/src/sestatus.c @@ -343,7 +343,6 @@ error: if (avc_using_threads) { fallback_netlink_thread = avc_create_thread(&avc_netlink_loop); - avc_netlink_trouble = 0; } fallback_sequence = 0; From 42f7f2fdcf1a38b6018933132ea6a35dc41bdeff Mon Sep 17 00:00:00 2001 From: Jie Lu Date: Tue, 15 Nov 2022 19:55:36 +0800 Subject: [PATCH 06/39] libselinux: fix memory leaks on the audit2why module init Signed-off-by: Jie Lu Acked-by: James Carter --- libselinux/src/audit2why.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index 44a9a341..ba1a66eb 100644 --- a/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c @@ -191,7 +191,7 @@ static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) static int __policy_init(const char *init_path) { - FILE *fp; + FILE *fp = NULL; const char *curpolicy; char errormsg[PATH_MAX+1024+20]; struct sepol_policy_file *pf = NULL; @@ -235,18 +235,17 @@ static int __policy_init(const char *init_path) snprintf(errormsg, sizeof(errormsg), "policydb_init failed: %m\n"); PyErr_SetString( PyExc_RuntimeError, errormsg); - fclose(fp); - return 1; + goto err; } sepol_policy_file_set_fp(pf, fp); if (sepol_policydb_read(avc->policydb, pf)) { snprintf(errormsg, sizeof(errormsg), "invalid binary policy %s\n", curpolicy); PyErr_SetString( PyExc_ValueError, errormsg); - fclose(fp); - return 1; + goto err; } fclose(fp); + fp = NULL; sepol_set_policydb(&avc->policydb->p); avc->handle = sepol_handle_create(); /* Turn off messages */ @@ -256,13 +255,13 @@ static int __policy_init(const char *init_path) avc->policydb, &cnt); if (rc < 0) { PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n"); - return 1; + goto err; } boollist = calloc(cnt, sizeof(*boollist)); if (!boollist) { PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); - return 1; + goto err; } sepol_bool_iterate(avc->handle, avc->policydb, @@ -273,11 +272,26 @@ static int __policy_init(const char *init_path) rc = sepol_sidtab_init(&sidtab); if (rc < 0) { PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n"); - free(boollist); - return 1; + goto err; } sepol_set_sidtab(&sidtab); return 0; + +err: + if (boollist) + free(boollist); + if (avc){ + if (avc->handle) + sepol_handle_destroy(avc->handle); + if (avc->policydb) + sepol_policydb_free(avc->policydb); + free(avc); + } + if (pf) + sepol_policy_file_free(pf); + if (fp) + fclose(fp); + return 1; } static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) { From c54dd0fab718a424bc867310a7572fb018de0cdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 14 Nov 2022 20:40:30 +0100 Subject: [PATCH 07/39] libsepol/tests: use more strict compiler options MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the more strict C compiler warnings from the root Makefile. Also fail on warnings from the m4 macro processor. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/tests/Makefile | 19 +++++++++++++++++-- libsepol/tests/test-linker-roles.c | 2 +- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/libsepol/tests/Makefile b/libsepol/tests/Makefile index a72c327d..273373b0 100644 --- a/libsepol/tests/Makefile +++ b/libsepol/tests/Makefile @@ -1,9 +1,24 @@ ENV ?= env -M4 ?= m4 +M4 ?= m4 -E -E MKDIR ?= mkdir EXE ?= libsepol-tests -CFLAGS += -g3 -gdwarf-2 -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter -Werror +CFLAGS += -g3 -gdwarf-2 -O0 \ + -Werror -Wall -Wextra \ + -Wfloat-equal \ + -Wformat=2 \ + -Winit-self \ + -Wmissing-format-attribute \ + -Wmissing-noreturn \ + -Wmissing-prototypes \ + -Wnull-dereference \ + -Wpointer-arith \ + -Wshadow \ + -Wstrict-prototypes \ + -Wundef \ + -Wunused \ + -Wwrite-strings \ + -fno-common # Statically link libsepol on the assumption that we are going to # be testing internal functions. diff --git a/libsepol/tests/test-linker-roles.c b/libsepol/tests/test-linker-roles.c index 2b17dffd..b35bdbe6 100644 --- a/libsepol/tests/test-linker-roles.c +++ b/libsepol/tests/test-linker-roles.c @@ -53,7 +53,7 @@ /* this simply tests whether the passed in role only has its own * value in its dominates ebitmap */ -static void only_dominates_self(policydb_t * p, role_datum_t * role) +static void only_dominates_self(policydb_t * p __attribute__ ((unused)), role_datum_t * role) { ebitmap_node_t *tnode; unsigned int i; From 7c0a84c8cc3e857ae698d47e6b2f3054363a2447 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 14 Nov 2022 20:40:31 +0100 Subject: [PATCH 08/39] libsepol/tests: add tests for neverallow assertions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add tests for neverallow assertion checks. This creates a foundation for the status quo, and enables to spot regressions in future changes to the - quite complex - assertion logic. One example is the support for not-self rules. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/tests/libsepol-tests.c | 2 + .../policies/test-neverallow/policy.conf | 298 ++++++++++++++++++ libsepol/tests/test-neverallow.c | 172 ++++++++++ libsepol/tests/test-neverallow.h | 10 + 4 files changed, 482 insertions(+) create mode 100644 libsepol/tests/policies/test-neverallow/policy.conf create mode 100644 libsepol/tests/test-neverallow.c create mode 100644 libsepol/tests/test-neverallow.h diff --git a/libsepol/tests/libsepol-tests.c b/libsepol/tests/libsepol-tests.c index 5ae6bedc..968e3cc2 100644 --- a/libsepol/tests/libsepol-tests.c +++ b/libsepol/tests/libsepol-tests.c @@ -24,6 +24,7 @@ #include "test-expander.h" #include "test-deps.h" #include "test-downgrade.h" +#include "test-neverallow.h" #include #include @@ -71,6 +72,7 @@ static bool do_tests(int interactive, int verbose) DECLARE_SUITE(expander); DECLARE_SUITE(deps); DECLARE_SUITE(downgrade); + DECLARE_SUITE(neverallow); if (verbose) CU_basic_set_mode(CU_BRM_VERBOSE); diff --git a/libsepol/tests/policies/test-neverallow/policy.conf b/libsepol/tests/policies/test-neverallow/policy.conf new file mode 100644 index 00000000..67a16372 --- /dev/null +++ b/libsepol/tests/policies/test-neverallow/policy.conf @@ -0,0 +1,298 @@ +class process +class blk_file +class chr_file +class dir +class fifo_file +class file +class lnk_file +class sock_file + +sid kernel +sid security +sid unlabeled +sid file +sid port +sid netif +sid netmsg +sid node +sid devnull + +class process { dyntransition transition } +class file { getattr ioctl open read write } + +ifdef(`enable_mls',` +sensitivity s0; +dominance { s0 } +category c0; category c1; category c2; category c3; +category c4; category c5; category c6; category c7; +category c8; category c9; category c10; category c11; +category c12; category c13; category c14; category c15; +category c16; category c17; category c18; category c19; +category c20; category c21; category c22; category c23; + +level s0:c0.c23; + +mlsconstrain file { write } ( h1 dom h2 ); +') + + +######################################## +# +# Test start +# +######################################## + + +## Test 1 (basic) + +type test1_t; +allow test1_t test1_t : file { read write }; +neverallow test1_t test1_t : file read; + + +## Test 2 (wildcard permission) + +type test2_t; +allow test2_t test2_t : file { read write }; +neverallow test2_t test2_t : file *; + + +## Test 3 (complement permission) + +type test3_t; +allow test3_t test3_t : file { read write }; +neverallow test3_t test3_t : file ~{ write }; + + +## Test 4 (wildcard source) + +type test4_t; +allow test4_t test4_t : file { read write }; +neverallow * test4_t : file read; + + +## Test 5 (wildcard target) + +type test5_t; +allow test5_t test5_t : file { read write }; +neverallow test5_t * : file read; + + +## Test 6 (complement source) + +type test6_1_t; +type test6_2_t; +allow { test6_1_t test6_2_t } { test6_1_t test6_2_t } : file { read write }; +neverallow ~{ test6_2_t } test6_1_t : file read; + + +## Test 7 (complement target) + +type test7_1_t; +type test7_2_t; +allow { test7_1_t test7_2_t } { test7_1_t test7_2_t } : file { read write }; +neverallow test7_1_t ~{ test7_2_t } : file read; + + +## Test 8 (source attribute) + +attribute test8_a; +type test8_t, test8_a; +allow test8_a test8_a : file read; +allow test8_t test8_t : file write; +neverallow test8_a test8_t : file { read write }; + + +## Test 9 (target attribute) + +attribute test9_a; +type test9_t, test9_a; +allow test9_a test9_a : file read; +allow test9_t test9_t : file write; +neverallow test9_t test9_a : file { read write }; + + +## Test 10 (self) + +attribute test10_a; +type test10_1_t, test10_a; +type test10_2_t; +allow { test10_1_t test10_2_t } { test10_1_t test10_2_t } : file read; +neverallow test10_a self : file *; + + +## Test 11 (wildcard) + +type test11_t; +allow test11_t self : process *; +neverallow * * : process *; + + +## Test 12 (complement attributes) + +attribute test12_1_a; +attribute test12_2_a; +attribute test12_3_a; +type test12_1_t, test12_1_a; +type test12_2_t, test12_2_a; +type test12_3_t, test12_3_a; +allow { test12_1_a test12_2_a test12_3_a } { test12_1_a test12_2_a test12_3_a } : file *; +neverallow ~{ test12_1_a test12_2_t } ~{ test12_3_a } : file getattr; +neverallow ~{ test12_1_a } ~{ test12_2_a test12_3_t } : file open; + + +## Test 13 (excludes) + +attribute test13_1_a; +attribute test13_2_a; +attribute test13_3_a; +type test13_1_t, test13_1_a; +type test13_2_t, test13_2_a; +type test13_3_t, test13_3_a; +allow { test13_1_a test13_2_a test13_3_a } { test13_1_a test13_2_a test13_3_a } : file { read write }; +neverallow { test13_1_a test13_2_a test13_3_a -test13_2_a -test13_3_t } { test13_1_a test13_2_a test13_3_a -test13_2_t -test13_3_a } : file read; + + +## Test 14 (misc avrules) + +type test14_t; +auditallow test14_t test14_t : file read; +dontaudit test14_t test14_t : file write; +neverallow test14_t test14_t : file { read write }; +type_transition test14_t test14_t : file test14_t; +type_transition test14_t test14_t : file test14_t "objname"; +neverallow test14_t test14_t : file *; # nofail + + +## Test 15 (extended permissions - standard allow) + +type test15_t; +allow test15_t self : file ioctl; +neverallowxperm test15_t self : file ioctl 0x1111; + + +## Test 16 (extended permissions - allowxperm) + +type test16_t; +allow test16_t self : file ioctl; +allowxperm test16_t self : file ioctl 0x1111; +neverallowxperm test16_t self : file ioctl 0x1111; + + +## Test 17 (extended permissions - allowxperm mismatch) + +type test17_t; +allow test17_t self : file ioctl; +allowxperm test17_t self : file ioctl 0x1111; +neverallowxperm test17_t self : file ioctl 0x2222; # nofail + + +## Test 18 (extended permissions - allowxperm range I) + +type test18_t; +allow test18_t self : file ioctl; +allowxperm test18_t self : file ioctl { 0x1100-0x1300 }; +neverallowxperm test18_t self : file ioctl 0x1111; + + +## Test 19 (extended permissions - allowxperm range II) + +type test19_t; +allow test19_t self : file ioctl; +allowxperm test19_t self : file ioctl 0x1111; +neverallowxperm test19_t self : file ioctl { 0x1100-0x1300 }; + + +## Test 20 (extended permissions - misc targets I) + +attribute test20_a; +type test20_t, test20_a; + +allow test20_a test20_a : file ioctl; +allowxperm test20_a test20_a : file ioctl 0x1111; +neverallowxperm test20_a self : file ioctl 0x1111; + + +## Test 21 (extended permissions - misc targets II) + +attribute test21_1_a; +attribute test21_2_a; +type test21_t, test21_1_a, test21_2_a; + +allow test21_1_a test21_1_a : file ioctl; +allowxperm test21_1_a test21_2_a : file ioctl 0x1111; +neverallowxperm test21_1_a self : file ioctl 0x1111; + + +## Test 22 (extended permissions - misc targets III) + +attribute test22_a; +type test22_t, test22_a; + +allow test22_a test22_a : file ioctl; +allowxperm test22_t self : file ioctl 0x1111; +neverallowxperm test22_a self : file ioctl 0x1111; + + +## Test 23 (extended permissions - misc targets IV) + +attribute test23_a; +type test23_t, test23_a; + +allow test23_a test23_a : file ioctl; +allowxperm test23_t test23_t : file ioctl 0x1111; +neverallowxperm test23_a self : file ioctl 0x1111; + + +## Test 24 (extended permissions - misc targets V) + +attribute test24_a; +type test24_t, test24_a; + +allow test24_a test24_a : file ioctl; +allowxperm test24_t test24_a : file ioctl 0x1111; +neverallowxperm test24_a self : file ioctl 0x1111; + + +## Test 25 (extended permissions - misc targets VI) + +attribute test25_a; +type test25_t, test25_a; + +allow test25_a test25_a : file ioctl; +allowxperm test25_a self : file ioctl 0x1111; +neverallowxperm test25_a self : file ioctl 0x1111; + + +## Test 26 (extended permissions - assert twice) + +attribute test26_a; +type test26_1_t, test26_a; +type test26_2_t, test26_a; +allow test26_a test26_a : file ioctl; +allowxperm test26_a test26_a : file ioctl 0x1111; +neverallowxperm test26_1_t test26_a : file ioctl 0x1111; + + +######################################## +# +# Test End +# +######################################## + + +type sys_isid; +role sys_role; +role sys_role types sys_isid; +gen_user(sys_user,, sys_role, s0, s0 - s0:c0.c23) +sid kernel gen_context(sys_user:sys_role:sys_isid, s0) +sid security gen_context(sys_user:sys_role:sys_isid, s0) +sid unlabeled gen_context(sys_user:sys_role:sys_isid, s0) +sid file gen_context(sys_user:sys_role:sys_isid, s0) +sid port gen_context(sys_user:sys_role:sys_isid, s0) +sid netif gen_context(sys_user:sys_role:sys_isid, s0) +sid netmsg gen_context(sys_user:sys_role:sys_isid, s0) +sid node gen_context(sys_user:sys_role:sys_isid, s0) +sid devnull gen_context(sys_user:sys_role:sys_isid, s0) +fs_use_trans devpts gen_context(sys_user:sys_role:sys_isid, s0); +fs_use_trans devtmpfs gen_context(sys_user:sys_role:sys_isid, s0); diff --git a/libsepol/tests/test-neverallow.c b/libsepol/tests/test-neverallow.c new file mode 100644 index 00000000..d973a0e3 --- /dev/null +++ b/libsepol/tests/test-neverallow.c @@ -0,0 +1,172 @@ +#define _GNU_SOURCE /* vasprintf(3) */ + +#include "test-neverallow.h" + +#include "helpers.h" +#include "test-common.h" + +#include +#include +#include + +#include +#include + +extern int mls; + +int neverallow_test_init(void) +{ + return 0; +} + +int neverallow_test_cleanup(void) +{ + return 0; +} + +static struct msg_list { + char *msg; + struct msg_list *next; +} *messages; + +static void messages_clean(void) +{ + while (messages) { + struct msg_list *n = messages->next; + free(messages->msg); + free(messages); + messages = n; + } +} + +static void messages_check(unsigned count, const char *const expected[count]) +{ + unsigned i; + const struct msg_list *m = messages; + + for (i = 0; i < count; i++, m = m->next) { + if (!m) { + CU_FAIL("less messages than expected"); + fprintf(stderr, "\n\n", count, i); + return; + } + + if (strcmp(expected[i], m->msg) != 0) { + CU_FAIL("messages differ from expected"); + fprintf(stderr, "\n\n", expected[i], m->msg); + } + } + + if (m) { + CU_FAIL("more messages than expected"); + fprintf(stderr, "\n\n", count, m->msg); + } +} + +__attribute__ ((format(printf, 3, 4))) +static void msg_handler(void *varg __attribute__ ((unused)), + sepol_handle_t * handle __attribute__ ((unused)), + const char *fmt, ...) +{ + char *msg; + va_list ap; + int r; + + va_start(ap, fmt); + r = vasprintf(&msg, fmt, ap); + if (r < 0) + CU_FAIL_FATAL("oom"); + va_end(ap); + + struct msg_list *new = malloc(sizeof(*new)); + if (!new) + CU_FAIL_FATAL("oom"); + new->msg = msg; + new->next = messages; + messages = new; +} + +#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*a)) + +static void test_neverallow_basic(void) +{ + policydb_t basemod, base_expanded; + sepol_handle_t *handle; + static const char *const expected_messages[] = { + "30 neverallow failures occurred", + "neverallow on line 53 of policies/test-neverallow/policy.conf.std (or line 53 of policies/test-neverallow/policy.conf.std) violated by allow test1_t test1_t:file { read };", + "neverallow on line 60 of policies/test-neverallow/policy.conf.std (or line 60 of policies/test-neverallow/policy.conf.std) violated by allow test2_t test2_t:file { read write };", + "neverallow on line 67 of policies/test-neverallow/policy.conf.std (or line 67 of policies/test-neverallow/policy.conf.std) violated by allow test3_t test3_t:file { read };", + "neverallow on line 74 of policies/test-neverallow/policy.conf.std (or line 74 of policies/test-neverallow/policy.conf.std) violated by allow test4_t test4_t:file { read };", + "neverallow on line 81 of policies/test-neverallow/policy.conf.std (or line 81 of policies/test-neverallow/policy.conf.std) violated by allow test5_t test5_t:file { read };", + "neverallow on line 89 of policies/test-neverallow/policy.conf.std (or line 89 of policies/test-neverallow/policy.conf.std) violated by allow test6_1_t test6_1_t:file { read };", + "neverallow on line 97 of policies/test-neverallow/policy.conf.std (or line 97 of policies/test-neverallow/policy.conf.std) violated by allow test7_1_t test7_1_t:file { read };", + "neverallow on line 106 of policies/test-neverallow/policy.conf.std (or line 106 of policies/test-neverallow/policy.conf.std) violated by allow test8_t test8_t:file { write };", + "neverallow on line 106 of policies/test-neverallow/policy.conf.std (or line 106 of policies/test-neverallow/policy.conf.std) violated by allow test8_t test8_t:file { read };", + "neverallow on line 115 of policies/test-neverallow/policy.conf.std (or line 115 of policies/test-neverallow/policy.conf.std) violated by allow test9_t test9_t:file { read };", + "neverallow on line 115 of policies/test-neverallow/policy.conf.std (or line 115 of policies/test-neverallow/policy.conf.std) violated by allow test9_t test9_t:file { write };", + "neverallow on line 124 of policies/test-neverallow/policy.conf.std (or line 124 of policies/test-neverallow/policy.conf.std) violated by allow test10_1_t test10_1_t:file { read };", + "neverallow on line 131 of policies/test-neverallow/policy.conf.std (or line 131 of policies/test-neverallow/policy.conf.std) violated by allow test11_t test11_t:process { dyntransition transition };", + "neverallow on line 143 of policies/test-neverallow/policy.conf.std (or line 143 of policies/test-neverallow/policy.conf.std) violated by allow test12_3_t test12_1_t:file { getattr };", + "neverallow on line 143 of policies/test-neverallow/policy.conf.std (or line 143 of policies/test-neverallow/policy.conf.std) violated by allow test12_3_t test12_2_t:file { getattr };", + "neverallow on line 144 of policies/test-neverallow/policy.conf.std (or line 144 of policies/test-neverallow/policy.conf.std) violated by allow test12_3_t test12_1_t:file { open };", + "neverallow on line 144 of policies/test-neverallow/policy.conf.std (or line 144 of policies/test-neverallow/policy.conf.std) violated by allow test12_2_t test12_1_t:file { open };", + "neverallow on line 156 of policies/test-neverallow/policy.conf.std (or line 156 of policies/test-neverallow/policy.conf.std) violated by allow test13_1_t test13_1_t:file { read };", + "neverallowxperm on line 174 of policies/test-neverallow/policy.conf.std (or line 174 of policies/test-neverallow/policy.conf.std) violated by\nallow test15_t test15_t:file { ioctl };", + "neverallowxperm on line 182 of policies/test-neverallow/policy.conf.std (or line 182 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test16_t test16_t:file ioctl { 0x1111 };", + "neverallowxperm on line 198 of policies/test-neverallow/policy.conf.std (or line 198 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test18_t test18_t:file ioctl { 0x1111 };", + "neverallowxperm on line 206 of policies/test-neverallow/policy.conf.std (or line 206 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test19_t test19_t:file ioctl { 0x1111 };", + "neverallowxperm on line 216 of policies/test-neverallow/policy.conf.std (or line 216 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test20_a test20_a:file ioctl { 0x1111 };", + "neverallowxperm on line 227 of policies/test-neverallow/policy.conf.std (or line 227 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test21_1_a test21_2_a:file ioctl { 0x1111 };", + "neverallowxperm on line 237 of policies/test-neverallow/policy.conf.std (or line 237 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test22_t test22_t:file ioctl { 0x1111 };", + "neverallowxperm on line 247 of policies/test-neverallow/policy.conf.std (or line 247 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test23_t test23_t:file ioctl { 0x1111 };", + "neverallowxperm on line 257 of policies/test-neverallow/policy.conf.std (or line 257 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test24_t test24_a:file ioctl { 0x1111 };", + "neverallowxperm on line 267 of policies/test-neverallow/policy.conf.std (or line 267 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test25_t test25_t:file ioctl { 0x1111 };", + "neverallowxperm on line 277 of policies/test-neverallow/policy.conf.std (or line 277 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test26_a test26_a:file ioctl { 0x1111 };", + "neverallowxperm on line 277 of policies/test-neverallow/policy.conf.std (or line 277 of policies/test-neverallow/policy.conf.std) violated by\nallowxperm test26_a test26_a:file ioctl { 0x1111 };", + }; + + if (policydb_init(&base_expanded)) + CU_FAIL_FATAL("Failed to initialize policy"); + + if (test_load_policy(&basemod, POLICY_BASE, mls, "test-neverallow", "policy.conf")) + CU_FAIL_FATAL("Failed to load policy"); + + if (link_modules(NULL, &basemod, NULL, 0, 0)) + CU_FAIL_FATAL("Failed to link base module"); + + if (expand_module(NULL, &basemod, &base_expanded, 0, 0)) + CU_FAIL_FATAL("Failed to expand policy"); + + if ((handle = sepol_handle_create()) == NULL) + CU_FAIL_FATAL("Failed to initialize handle"); + + sepol_msg_set_callback(handle, msg_handler, NULL); + + if (check_assertions(handle, &base_expanded, base_expanded.global->branch_list->avrules) != -1) + CU_FAIL("Assertions did not trigger"); + + messages_check(ARRAY_SIZE(expected_messages), expected_messages); + + sepol_handle_destroy(handle); + messages_clean(); + policydb_destroy(&basemod); + policydb_destroy(&base_expanded); +} + +int neverallow_add_tests(CU_pSuite suite) +{ + /* + * neverallow rules operate only on types and are unaffected by MLS + * (avoid adjusting the messages for std and mls) + */ + if (mls) + return 0; + + if (NULL == CU_add_test(suite, "neverallow_basic", test_neverallow_basic)) { + CU_cleanup_registry(); + return CU_get_error(); + } + + return 0; +} diff --git a/libsepol/tests/test-neverallow.h b/libsepol/tests/test-neverallow.h new file mode 100644 index 00000000..d3c2a74e --- /dev/null +++ b/libsepol/tests/test-neverallow.h @@ -0,0 +1,10 @@ +#ifndef TEST_NEVERALLOW_H__ +#define TEST_NEVERALLOW_H__ + +#include + +int neverallow_test_init(void); +int neverallow_test_cleanup(void); +int neverallow_add_tests(CU_pSuite suite); + +#endif /* TEST_NEVERALLOW_H__ */ From 0cdaf73c08249526fc58939d3c405aebf430f518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Wed, 9 Nov 2022 20:56:38 +0100 Subject: [PATCH 09/39] libselinux: make use of strndup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Using strndup(3) instead of malloc(3) followed by strncpy(3) simplifies the code and pleases GCC: In file included from /usr/include/string.h:535, from context.c:2: In function ‘strncpy’, inlined from ‘context_new’ at context.c:74:3: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:95:10: error: ‘__builtin_strncpy’ destination unchanged after copying no bytes [-Werror=stringop-truncation] 95 | return __builtin___strncpy_chk (__dest, __src, __len, | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 96 | __glibc_objsize (__dest)); | ~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/context.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/libselinux/src/context.c b/libselinux/src/context.c index 8830bf42..33c48ef3 100644 --- a/libselinux/src/context.c +++ b/libselinux/src/context.c @@ -68,11 +68,9 @@ context_t context_new(const char *str) for (p = tok; *p; p++) { /* empty */ } } - n->component[i] = (char *)malloc(p - tok + 1); + n->component[i] = strndup(tok, p - tok); if (n->component[i] == 0) goto err; - strncpy(n->component[i], tok, p - tok); - n->component[i][p - tok] = '\0'; tok = *p ? p + 1 : p; } return result; From d97c34efa5b95d8ec7c0445aa4f87eacf980bab6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 10 Nov 2022 19:23:42 +0100 Subject: [PATCH 10/39] libselinux: bail out on path truncations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bail out if computed paths based on user input are being truncated, to avoid wrong files to be opened. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/booleans.c | 9 +++------ libselinux/src/get_initial_context.c | 8 ++++++-- libselinux/src/stringrep.c | 15 ++++++++++++--- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index ef1f64a0..dbcccd70 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -7,7 +7,6 @@ #ifndef DISABLE_BOOL -#include #include #include #include @@ -147,7 +146,7 @@ out: static int bool_open(const char *name, int flag) { char *fname = NULL; char *alt_name = NULL; - int len; + size_t len; int fd = -1; int ret; char *ptr; @@ -164,9 +163,8 @@ static int bool_open(const char *name, int flag) { return -1; ret = snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); - if (ret < 0) + if (ret < 0 || (size_t)ret >= len) goto out; - assert(ret < len); fd = open(fname, flag); if (fd >= 0 || errno != ENOENT) @@ -184,9 +182,8 @@ static int bool_open(const char *name, int flag) { fname = ptr; ret = snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, alt_name); - if (ret < 0) + if (ret < 0 || (size_t)ret >= len) goto out; - assert(ret < len); fd = open(fname, flag); out: diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c index 97ae3dcf..87c8adfa 100644 --- a/libselinux/src/get_initial_context.c +++ b/libselinux/src/get_initial_context.c @@ -23,8 +23,12 @@ int security_get_initial_context_raw(const char * name, char ** con) return -1; } - snprintf(path, sizeof path, "%s%s%s", - selinux_mnt, SELINUX_INITCON_DIR, name); + ret = snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name); + if (ret < 0 || (size_t)ret >= sizeof path) { + errno = EOVERFLOW; + return -1; + } + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) return -1; diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c index 592410e5..d2237d1c 100644 --- a/libselinux/src/stringrep.c +++ b/libselinux/src/stringrep.c @@ -82,7 +82,10 @@ static struct discover_class_node * discover_class(const char *s) goto err2; /* load up class index */ - snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); + ret = snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); + if (ret < 0 || (size_t)ret >= sizeof path) + goto err3; + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) goto err3; @@ -97,7 +100,10 @@ static struct discover_class_node * discover_class(const char *s) goto err3; /* load up permission indices */ - snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s); + ret = snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s); + if (ret < 0 || (size_t)ret >= sizeof path) + goto err3; + dir = opendir(path); if (dir == NULL) goto err3; @@ -107,7 +113,10 @@ static struct discover_class_node * discover_class(const char *s) unsigned int value; struct stat m; - snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name); + ret = snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name); + if (ret < 0 || (size_t)ret >= sizeof path) + goto err4; + fd = open(path, O_RDONLY | O_CLOEXEC); if (fd < 0) goto err4; From d31280c26e066d68c3061fc24f5951829f641e81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 14 Nov 2022 20:32:08 +0100 Subject: [PATCH 11/39] libselinux: filter arguments with path separators MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Boolean names, taken by security_get_boolean_pending(3), security_get_boolean_active(3) and security_set_boolean(3), as well as user names, taken by security_get_initial_context(3), are used in path constructions. Ensure they do not contain path separators to avoid unwanted path traversal. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/booleans.c | 5 +++-- libselinux/src/get_initial_context.c | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c index dbcccd70..e34b39ff 100644 --- a/libselinux/src/booleans.c +++ b/libselinux/src/booleans.c @@ -131,7 +131,8 @@ char *selinux_boolean_sub(const char *name) ptr++; *ptr = '\0'; - sub = strdup(dst); + if (!strchr(dst, '/')) + sub = strdup(dst); break; } @@ -151,7 +152,7 @@ static int bool_open(const char *name, int flag) { int ret; char *ptr; - if (!name) { + if (!name || strchr(name, '/')) { errno = EINVAL; return -1; } diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c index 87c8adfa..0f25ba3f 100644 --- a/libselinux/src/get_initial_context.c +++ b/libselinux/src/get_initial_context.c @@ -23,6 +23,11 @@ int security_get_initial_context_raw(const char * name, char ** con) return -1; } + if (strchr(name, '/')) { + errno = EINVAL; + return -1; + } + ret = snprintf(path, sizeof path, "%s%s%s", selinux_mnt, SELINUX_INITCON_DIR, name); if (ret < 0 || (size_t)ret >= sizeof path) { errno = EOVERFLOW; From 7fd9628dd436ce018082d2861da9d2972fd87926 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 18 Nov 2022 13:51:52 +0100 Subject: [PATCH 12/39] python/sepolicy: Fix sepolicy manpage -w ... Commit 7494bb1298b3 ("sepolicy: generate man pages in parallel") improved sepolicy performance but broke `sepolicy manpage -w ...` as it didn't collect data about domains and roles from ManPage() and so HTMLManPages() generated only empty page. This is fixed now, domains and roles are being collected and used for HTML pages. Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy.py | 13 +++++++++++-- python/sepolicy/sepolicy/manpage.py | 12 +++++------- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py index 733d4048..82ff6af2 100755 --- a/python/sepolicy/sepolicy.py +++ b/python/sepolicy/sepolicy.py @@ -332,9 +332,10 @@ def manpage_work(domain, path, root, source_files, web): from sepolicy.manpage import ManPage m = ManPage(domain, path, root, source_files, web) print(m.get_man_page_path()) + return (m.manpage_domains, m.manpage_roles) def manpage(args): - from sepolicy.manpage import HTMLManPages, manpage_domains, manpage_roles, gen_domains + from sepolicy.manpage import HTMLManPages, gen_domains path = args.path if not args.policy and args.root != "/": @@ -347,9 +348,17 @@ def manpage(args): else: test_domains = args.domain + manpage_domains = set() + manpage_roles = set() p = Pool() + async_results = [] for domain in test_domains: - p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web]) + async_results.append(p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web])) + for result in async_results: + domains, roles = result.get() + manpage_domains.update(domains) + manpage_roles.update(roles) + p.close() p.join() diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 3e61e333..de72cb6c 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -21,7 +21,7 @@ # 02111-1307 USA # # -__all__ = ['ManPage', 'HTMLManPages', 'manpage_domains', 'manpage_roles', 'gen_domains'] +__all__ = ['ManPage', 'HTMLManPages', 'gen_domains'] import string import selinux @@ -147,10 +147,6 @@ def _gen_types(): def prettyprint(f, trim): return " ".join(f[:-len(trim)].split("_")) -# for HTML man pages -manpage_domains = [] -manpage_roles = [] - fedora_releases = ["Fedora17", "Fedora18"] rhel_releases = ["RHEL6", "RHEL7"] @@ -408,6 +404,8 @@ class ManPage: """ modules_dict = None enabled_str = ["Disabled", "Enabled"] + manpage_domains = [] + manpage_roles = [] def __init__(self, domainname, path="/tmp", root="/", source_files=False, html=False): self.html = html @@ -453,10 +451,10 @@ class ManPage: if self.domainname + "_r" in self.all_roles: self.__gen_user_man_page() if self.html: - manpage_roles.append(self.man_page_path) + self.manpage_roles.append(self.man_page_path) else: if self.html: - manpage_domains.append(self.man_page_path) + self.manpage_domains.append(self.man_page_path) self.__gen_man_page() self.fd.close() From 3ea0947f1ec8ea8aeaf67371bed1f19a91d0bc84 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 18 Nov 2022 13:51:53 +0100 Subject: [PATCH 13/39] python/sepolicy: Use distro module to get os version distro module uses /etc/os-release file which contains operating system identification data, see os-release(5). Given that the mechanism doesn't use `rpm` it should be possible to generate man pages on other distributions. Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy/__init__.py | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index 9c3caa05..baa4c8e6 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -1226,27 +1226,14 @@ def boolean_desc(boolean): def get_os_version(): - os_version = "" - pkg_name = "selinux-policy" + system_release = "" try: - try: - from commands import getstatusoutput - except ImportError: - from subprocess import getstatusoutput - rc, output = getstatusoutput("rpm -q '%s'" % pkg_name) - if rc == 0: - os_version = output.split(".")[-2] - except: - os_version = "" + import distro + system_release = distro.name(pretty=True) + except IOError: + system_release = "Misc" - if os_version[0:2] == "fc": - os_version = "Fedora" + os_version[2:] - elif os_version[0:2] == "el": - os_version = "RHEL" + os_version[2:] - else: - os_version = "" - - return os_version + return system_release def reinit(): From 4beba554f0e84e7046395cdb2103044586fcc49a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 18 Nov 2022 13:51:55 +0100 Subject: [PATCH 14/39] python/sepolicy: Simplify generation of man pages And do not hardcode Fedora and RHEL versions. Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy/manpage.py | 71 ++++------------------------- 1 file changed, 8 insertions(+), 63 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index de72cb6c..edeb3b77 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -147,9 +147,6 @@ def _gen_types(): def prettyprint(f, trim): return " ".join(f[:-len(trim)].split("_")) -fedora_releases = ["Fedora17", "Fedora18"] -rhel_releases = ["RHEL6", "RHEL7"] - def get_alphabet_manpages(manpage_list): alphabet_manpages = dict.fromkeys(string.ascii_letters, []) @@ -180,7 +177,7 @@ def convert_manpage_to_html(html_manpage, manpage): class HTMLManPages: """ - Generate a HHTML Manpages on an given SELinux domains + Generate a HTML Manpages on an given SELinux domains """ def __init__(self, manpage_roles, manpage_domains, path, os_version): @@ -188,18 +185,12 @@ class HTMLManPages: self.manpage_domains = get_alphabet_manpages(manpage_domains) self.os_version = os_version self.old_path = path + "/" - self.new_path = self.old_path + self.os_version + "/" - - if self.os_version in fedora_releases or self.os_version in rhel_releases: - self.__gen_html_manpages() - else: - print("SELinux HTML man pages can not be generated for this %s" % os_version) - exit(1) + self.new_path = self.old_path + self.__gen_html_manpages() def __gen_html_manpages(self): self._write_html_manpage() self._gen_index() - self._gen_body() self._gen_css() def _write_html_manpage(self): @@ -217,67 +208,21 @@ class HTMLManPages: convert_manpage_to_html((self.new_path + r.rsplit("_selinux", 1)[0] + ".html"), self.old_path + r) def _gen_index(self): - index = self.old_path + "index.html" - fd = open(index, 'w') - fd.write(""" - - - - SELinux man pages online - - -

SELinux man pages

-

-Fedora or Red Hat Enterprise Linux Man Pages. -

-
-

Fedora

- - -
-
-
-""")
-        for f in fedora_releases:
-            fd.write("""
-%s - SELinux man pages for %s """ % (f, f, f, f))
-
-        fd.write("""
-
-
-

RHEL

- - -
-
-
-""")
-        for r in rhel_releases:
-            fd.write("""
-%s - SELinux man pages for %s """ % (r, r, r, r))
-
-        fd.write("""
-
- """) - fd.close() - print("%s has been created" % index) - - def _gen_body(self): - html = self.new_path + self.os_version + ".html" + html = self.new_path + "index.html" fd = open(html, 'w') fd.write(""" - - Linux man-pages online for Fedora18 + + SELinux man pages -

SELinux man pages for Fedora18

+

SELinux man pages for %s

SELinux roles

-""") +""" % self.os_version) for letter in self.manpage_roles: if len(self.manpage_roles[letter]): fd.write(""" From 25d7941aee870c16264e7c3dfe7f48b9efbf524f Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 7 Nov 2022 10:25:05 +0100 Subject: [PATCH 15/39] fixfiles: Unmount temporary bind mounts on SIGINT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `fixfiles -M relabel` temporary bind mounts file systems before relabeling, but it left the / directory mounted in /tmp/tmp.XXXX when a user hit CTRL-C. It means that if the user run `fixfiles -M relabel` again and answered Y to clean out /tmp directory, it would remove all data from mounted fs. This patch changes the location where `fixfiles` mounts fs to /run, uses private mount namespace via unshare and adds a handler for exit signals which tries to umount fs mounted by `fixfiles`. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2125355 Signed-off-by: Petr Lautrbach Tested-by: Christian Göttsche Acked-by: James Carter --- policycoreutils/scripts/fixfiles | 36 +++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 8 deletions(-) diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles index c72ca0eb..166af6f3 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -207,6 +207,25 @@ rpm -q --qf '[%{FILESTATES} %{FILENAMES}\n]' "$1" | grep '^0 ' | cut -f2- -d ' ' [ ${PIPESTATUS[0]} != 0 ] && echo "$1 not found" >/dev/stderr } +# unmount tmp bind mount before exit +umount_TMP_MOUNT() { + if [ -n "$TMP_MOUNT" ]; then + umount "${TMP_MOUNT}${m}" || exit 130 + rm -rf "${TMP_MOUNT}" || echo "Error cleaning up." + fi + exit 130 +} + +fix_labels_on_mountpoint() { + test -z ${TMP_MOUNT+x} && echo "Unable to find temporary directory!" && exit 1 + mkdir -p "${TMP_MOUNT}${m}" || exit 1 + mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1 + ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}" + umount "${TMP_MOUNT}${m}" || exit 1 + rm -rf "${TMP_MOUNT}" || echo "Error cleaning up." +} +export -f fix_labels_on_mountpoint + # # restore # if called with -n will only check file context @@ -252,14 +271,15 @@ case "$RESTORE_MODE" in # we bind mount so we can fix the labels of files that have already been # mounted over for m in `echo $FILESYSTEMSRW`; do - TMP_MOUNT="$(mktemp -d)" - test -z ${TMP_MOUNT+x} && echo "Unable to find temporary directory!" && exit 1 - - mkdir -p "${TMP_MOUNT}${m}" || exit 1 - mount --bind "${m}" "${TMP_MOUNT}${m}" || exit 1 - ${SETFILES} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} ${THREADS} $* -q ${FC} -r "${TMP_MOUNT}" "${TMP_MOUNT}${m}" - umount "${TMP_MOUNT}${m}" || exit 1 - rm -rf "${TMP_MOUNT}" || echo "Error cleaning up." + TMP_MOUNT="$(mktemp -p /run -d fixfiles.XXXXXXXXXX)" + export SETFILES VERBOSE EXCLUDEDIRS FORCEFLAG THREADS FC TMP_MOUNT m + if type unshare &> /dev/null; then + unshare -m bash -c "fix_labels_on_mountpoint $*" || exit $? + else + trap umount_TMP_MOUNT EXIT + fix_labels_on_mountpoint $* + trap EXIT + fi done; fi else From fb7f35495fbad468d6efa76c5fed727659903038 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 21 Nov 2022 12:01:25 +0100 Subject: [PATCH 16/39] Fix E275 missing whitespace after keyword Fixes: ./gui/polgengui.py:484:18: E275 missing whitespace after keyword ./gui/polgengui.py:530:18: E275 missing whitespace after keyword ./python/sepolgen/src/sepolgen/policygen.py:327:19: E275 missing whitespace after keyword ./python/sepolgen/src/sepolgen/policygen.py:329:11: E275 missing whitespace after keyword ./python/sepolicy/sepolicy/__init__.py:453:15: E275 missing whitespace after keyword ./python/sepolicy/sepolicy/generate.py:1351:28: E275 missing whitespace after keyword ./python/sepolicy/sepolicy/generate.py:1353:28: E275 missing whitespace after keyword ./python/sepolicy/sepolicy/gui.py:638:24: E275 missing whitespace after keyword ./python/sepolicy/sepolicy/gui.py:863:23: E275 missing whitespace after keyword ./python/sepolicy/sepolicy/gui.py:2177:16: E275 missing whitespace after keyword ./sandbox/sandbox:114:7: E275 missing whitespace after keyword ./sandbox/sandbox:134:11: E275 missing whitespace after keyword ./sandbox/sandbox:136:7: E275 missing whitespace after keyword Signed-off-by: Petr Lautrbach Acked-by: James Carter --- gui/polgengui.py | 4 ++-- python/sepolgen/src/sepolgen/policygen.py | 4 ++-- python/sepolicy/sepolicy/__init__.py | 4 ++-- python/sepolicy/sepolicy/generate.py | 4 ++-- python/sepolicy/sepolicy/gui.py | 6 +++--- sandbox/sandbox | 6 +++--- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/gui/polgengui.py b/gui/polgengui.py index 7a3ecd50..16116ba6 100644 --- a/gui/polgengui.py +++ b/gui/polgengui.py @@ -481,7 +481,7 @@ class childWindow: my_policy = sepolicy.generate.policy(self.get_name(), self.get_type()) iter = self.boolean_store.get_iter_first() - while(iter): + while iter: my_policy.add_boolean(self.boolean_store.get_value(iter, 0), self.boolean_store.get_value(iter, 1)) iter = self.boolean_store.iter_next(iter) @@ -527,7 +527,7 @@ class childWindow: my_policy.set_out_udp(self.out_udp_all_checkbutton.get_active(), self.out_udp_entry.get_text()) iter = self.store.get_iter_first() - while(iter): + while iter: if self.store.get_value(iter, 1) == FILE: my_policy.add_file(self.store.get_value(iter, 0)) else: diff --git a/python/sepolgen/src/sepolgen/policygen.py b/python/sepolgen/src/sepolgen/policygen.py index 8f0ce26e..183b41a9 100644 --- a/python/sepolgen/src/sepolgen/policygen.py +++ b/python/sepolgen/src/sepolgen/policygen.py @@ -324,9 +324,9 @@ def call_interface(interface, av): ifcall.args.append(av.obj_class) else: print(params[i].type) - assert(0) + assert 0 - assert(len(ifcall.args) > 0) + assert len(ifcall.args) > 0 return ifcall diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index baa4c8e6..68907a4f 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -450,9 +450,9 @@ def get_conditionals(src, dest, tclass, perm): tlist.append(tdict) tdict = {} except KeyError: - return(tlist) + return tlist - return (tlist) + return tlist def get_conditionals_format_text(cond): diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py index 3717d5d4..b6df3e91 100644 --- a/python/sepolicy/sepolicy/generate.py +++ b/python/sepolicy/sepolicy/generate.py @@ -1346,9 +1346,9 @@ allow %s_t %s_t:%s_socket name_%s; if len(temp_dirs) != 0: for i in temp_dirs: if i in self.dirs.keys(): - del(self.dirs[i]) + del self.dirs[i] elif i in self.files.keys(): - del(self.files[i]) + del self.files[i] else: continue diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index 335be582..c8f33f52 100644 --- a/python/sepolicy/sepolicy/gui.py +++ b/python/sepolicy/sepolicy/gui.py @@ -635,7 +635,7 @@ class SELinuxGui(): for k in self.cur_dict: for j in self.cur_dict[k]: if i == ctr: - del(self.cur_dict[k][j]) + del self.cur_dict[k][j] return i += 1 @@ -860,7 +860,7 @@ class SELinuxGui(): if val is True or val is False or val is None: continue # Returns true if filter_txt exists within the val - if(val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1): + if val.find(self.filter_txt) != -1 or val.lower().find(self.filter_txt) != -1: return True except (AttributeError, TypeError): pass @@ -2174,7 +2174,7 @@ class SELinuxGui(): model.set_value(iter, 0, not model.get_value(iter, 0)) active = model.get_value(iter, 0) if name in self.cur_dict["boolean"]: - del(self.cur_dict["boolean"][name]) + del self.cur_dict["boolean"][name] else: self.cur_dict["boolean"][name] = {"active": active} self.new_updates() diff --git a/sandbox/sandbox b/sandbox/sandbox index 77080734..a2762a7d 100644 --- a/sandbox/sandbox +++ b/sandbox/sandbox @@ -111,7 +111,7 @@ def copyfile(file, srcdir, dest): def savefile(new, orig, X_ind): copy = False - if(X_ind): + if X_ind: import gi gi.require_version('Gtk', '3.0') from gi.repository import Gtk @@ -131,9 +131,9 @@ def savefile(new, orig, X_ind): except NameError: pass ans = input(_("Do you want to save changes to '%s' (y/N): ") % orig) - if(re.match(_("[yY]"), ans)): + if re.match(_("[yY]"), ans): copy = True - if(copy): + if copy: shutil.copy2(new, orig) From 001af27a6d32e5b3d1f7410f0007687d7e3c07f5 Mon Sep 17 00:00:00 2001 From: Jie Lu Date: Tue, 22 Nov 2022 13:21:10 +0800 Subject: [PATCH 17/39] libselinux: fix some memory issues in db_init 1. check the return of strdup to avoid a potential NULL reference. 2. make sure line_buf is freed. Signed-off-by: Jie Lu Acked-by: James Carter --- libselinux/src/label_db.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c index 94c05c6d..bd73201c 100644 --- a/libselinux/src/label_db.c +++ b/libselinux/src/label_db.c @@ -293,6 +293,11 @@ db_init(const struct selinux_opt *opts, unsigned nopts, return NULL; } rec->spec_file = strdup(path); + if (!rec->spec_file) { + free(catalog); + fclose(filp); + return NULL; + } /* * Parse for each lines @@ -322,18 +327,19 @@ db_init(const struct selinux_opt *opts, unsigned nopts, if (process_line(path, line_buf, ++line_num, catalog) < 0) goto out_error; } - free(line_buf); if (digest_add_specfile(rec->digest, filp, NULL, sb.st_size, path) < 0) goto out_error; digest_gen_hash(rec->digest); + free(line_buf); fclose(filp); return catalog; out_error: + free(line_buf); for (i = 0; i < catalog->nspec; i++) { spec_t *spec = &catalog->specs[i]; From 2c3b818f5d76ad3eb4d067b6a3ad8688a1afba86 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 22 Nov 2022 17:11:06 +0100 Subject: [PATCH 18/39] Use `pip install` instead of `setup.py install` Fixes: /usr/lib/python3.11/site-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools. Signed-off-by: Petr Lautrbach Acked-by: James Carter --- README.md | 4 +++- libselinux/src/Makefile | 2 +- python/sepolicy/Makefile | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 529b7e46..e11b0028 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,7 @@ dnf install \ # For Python and Ruby bindings dnf install \ python3-devel \ + python3-pip \ ruby-devel \ swig ``` @@ -92,6 +93,7 @@ apt-get install --no-install-recommends --no-install-suggests \ # For Python and Ruby bindings apt-get install --no-install-recommends --no-install-suggests \ python3-dev \ + python3-pip \ ruby-dev \ swig ``` @@ -102,7 +104,7 @@ To build and install everything under a private directory, run: make DESTDIR=~/obj install install-rubywrap install-pywrap -On Debian `PYTHON_SETUP_ARGS=--install-layout=deb` needs to be set when installing the python wrappers in order to create the correct python directory structure. +On Debian `PYTHON_SETUP_ARGS='--install-option "--install-layout=deb"'` needs to be set when installing the python wrappers in order to create the correct python directory structure. To run tests with the built libraries and programs, several paths (relative to `$DESTDIR`) need to be added to variables `$LD_LIBRARY_PATH`, `$PATH` and `$PYTHONPATH`. This can be done using [./scripts/env_use_destdir](./scripts/env_use_destdir): diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index dc284832..0f6396ab 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -187,7 +187,7 @@ install: all ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap - $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile index d983e409..57a2e55e 100644 --- a/python/sepolicy/Makefile +++ b/python/sepolicy/Makefile @@ -27,7 +27,7 @@ test: @$(PYTHON) test_sepolicy.py -v install: - $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) From 1d33c911f514449bbc8cab71332752c22561b911 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Thu, 24 Nov 2022 17:31:52 +0100 Subject: [PATCH 19/39] checkpolicy: Improve error message for type bounds Make the error message consistent with other occurrences of the same issue: https://github.com/SELinuxProject/selinux/blob/master/checkpolicy/module_compiler.c#L243 https://github.com/SELinuxProject/selinux/blob/master/checkpolicy/module_compiler.c#L488 Signed-off-by: Vit Mojzis Acked-by: James Carter --- checkpolicy/policy_define.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 41e44631..86d57017 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -1416,7 +1416,7 @@ static int define_typebounds_helper(char *bounds_id, char *type_id) if (!type->bounds) type->bounds = bounds->s.value; else if (type->bounds != bounds->s.value) { - yyerror2("type %s has inconsistent master {%s,%s}", + yyerror2("type %s has inconsistent bounds %s/%s", type_id, policydbp->p_type_val_to_name[type->bounds - 1], policydbp->p_type_val_to_name[bounds->s.value - 1]); From c84b977b17fa784f7b5c3a3a62101a253b4dd2be Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Thu, 24 Nov 2022 17:31:53 +0100 Subject: [PATCH 20/39] libsemanage: Use more conscious language https://inclusivenaming.org/word-lists/tier-1/ Signed-off-by: Vit Mojzis Acked-by: James Carter --- libsemanage/src/semanage_store.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c index 14a0957a..27c5d349 100644 --- a/libsemanage/src/semanage_store.c +++ b/libsemanage/src/semanage_store.c @@ -2400,7 +2400,7 @@ static semanage_file_context_node_t /* Sorts file contexts from least specific to most specific. * A bucket linked list is passed in. Upon completion, - * there is only one bucket (pointed to by master) that + * there is only one bucket (pointed to by "main") that * contains a linked list of all the file contexts in sorted order. * Explanation of the algorithm: * This is a stable implementation of an iterative merge sort. @@ -2411,15 +2411,15 @@ static semanage_file_context_node_t * Buckets are merged until there is only one bucket left, * containing the list of file contexts, sorted. */ -static void semanage_fc_merge_sort(semanage_file_context_bucket_t * master) +static void semanage_fc_merge_sort(semanage_file_context_bucket_t * main) { semanage_file_context_bucket_t *current; semanage_file_context_bucket_t *temp; - /* Loop until master is the only bucket left. - * When we stop master contains the sorted list. */ - while (master->next) { - current = master; + /* Loop until "main" is the only bucket left. + * When we stop "main" contains the sorted list. */ + while (main->next) { + current = main; /* Merge buckets two-by-two. * If there is an odd number of buckets, the last @@ -2547,7 +2547,7 @@ int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, semanage_file_context_node_t *temp; semanage_file_context_node_t *head; semanage_file_context_node_t *current; - semanage_file_context_bucket_t *master; + semanage_file_context_bucket_t *main; semanage_file_context_bucket_t *bcurrent; i = 0; @@ -2746,9 +2746,9 @@ int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, /* Create the bucket linked list from the node linked list. */ current = head->next; - bcurrent = master = (semanage_file_context_bucket_t *) + bcurrent = main = (semanage_file_context_bucket_t *) calloc(1, sizeof(semanage_file_context_bucket_t)); - if (!master) { + if (!main) { ERR(sh, "Failure allocating memory."); semanage_fc_node_list_destroy(head); return -1; @@ -2772,7 +2772,7 @@ int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, calloc(1, sizeof(semanage_file_context_bucket_t)); if (!(bcurrent->next)) { ERR(sh, "Failure allocating memory."); - semanage_fc_bucket_list_destroy(master); + semanage_fc_bucket_list_destroy(main); return -1; } @@ -2781,14 +2781,14 @@ int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, } /* Sort the bucket list. */ - semanage_fc_merge_sort(master); + semanage_fc_merge_sort(main); /* First, calculate how much space we'll need for * the newly sorted block of data. (We don't just * use buf_len for this because we have extracted * comments and whitespace.) */ i = 0; - current = master->data; + current = main->data; while (current) { i += current->path_len + 1; /* +1 for a tab */ if (current->file_type) { @@ -2803,14 +2803,14 @@ int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, *sorted_buf = calloc(i, sizeof(char)); if (!*sorted_buf) { ERR(sh, "Failure allocating memory."); - semanage_fc_bucket_list_destroy(master); + semanage_fc_bucket_list_destroy(main); return -1; } *sorted_buf_len = i; /* Output the sorted semanage_file_context linked list to the char buffer. */ sorted_buf_pos = *sorted_buf; - current = master->data; + current = main->data; while (current) { /* Output the path. */ i = current->path_len + 1; /* +1 for tab */ @@ -2834,7 +2834,7 @@ int semanage_fc_sort(semanage_handle_t * sh, const char *buf, size_t buf_len, } /* Clean up. */ - semanage_fc_bucket_list_destroy(master); + semanage_fc_bucket_list_destroy(main); /* Sanity check. */ sorted_buf_pos++; From 4c47f92758df0ad266e8306bbec7b2798a4be3ea Mon Sep 17 00:00:00 2001 From: Jie Lu Date: Tue, 29 Nov 2022 20:00:20 +0800 Subject: [PATCH 21/39] libselinux:add check for malloc Add return check for regex_data_create() to avoid NULL reference of regex_data (gdb) bt #0 0x00007fbde5caec14 in pthread_mutex_init () from /usr/lib64/libc.so.6 #1 0x00007fbde5e3a489 in regex_data_create () at regex.c:260 #2 0x00007fbde5e3a4af in regex_prepare_data (regex=regex@entry=0x7fbde4613770, pattern_string=pattern_string@entry=0x563c6799a820 "^/home$", errordata=errordata@entry=0x7ffeb83fa950) at regex.c:76 #3 0x00007fbde5e32fe6 in compile_regex (errbuf=0x0, spec=0x7fbde4613748) at label_file.h:407 #4 lookup_all (key=0x563c679974e5 "/var/log/kadmind.log", type=, partial=partial@entry=false, match_count=match_count@entry=0x0, rec=, rec=) at label_file.c:949 #5 0x00007fbde5e33350 in lookup (rec=, key=, type=) at label_file.c:1092 #6 0x00007fbde5e31878 in selabel_lookup_common (rec=0x563c67998cc0, translating=1, key=, type=) at label.c:167 Signed-off-by: Jie Lu Acked-by: James Carter --- libselinux/src/regex.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c index 73987d9f..149a7973 100644 --- a/libselinux/src/regex.c +++ b/libselinux/src/regex.c @@ -257,6 +257,9 @@ struct regex_data *regex_data_create(void) { struct regex_data *regex_data = (struct regex_data *)calloc(1, sizeof(struct regex_data)); + if (!regex_data) + return NULL; + __pthread_mutex_init(®ex_data->match_mutex, NULL); return regex_data; } From a9517c389643ad641a92dd0e0e2b3f5e6120a145 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 8 Dec 2022 20:43:34 +0100 Subject: [PATCH 22/39] sepolicy: Switch main selection menu to GtkPopover Fixes: https://github.com/SELinuxProject/selinux/issues/206 Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy/gui.py | 20 ++++---------------- python/sepolicy/sepolicy/sepolicy.glade | 9 +-------- 2 files changed, 5 insertions(+), 24 deletions(-) diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index c8f33f52..53f3c614 100644 --- a/python/sepolicy/sepolicy/gui.py +++ b/python/sepolicy/sepolicy/gui.py @@ -135,9 +135,8 @@ class SELinuxGui(): builder.add_from_file(glade_file) self.outer_notebook = builder.get_object("outer_notebook") self.window = builder.get_object("SELinux_window") - self.main_selection_window = builder.get_object("Main_selection_menu") + self.main_selection_popover = builder.get_object("Main_selection_menu") self.main_advanced_label = builder.get_object("main_advanced_label") - self.popup = 0 self.applications_selection_button = builder.get_object("applications_selection_button") self.revert_button = builder.get_object("Revert_button") self.busy_cursor = Gdk.Cursor(Gdk.CursorType.WATCH) @@ -531,7 +530,6 @@ class SELinuxGui(): dic = { "on_combo_button_clicked": self.open_combo_menu, "on_disable_ptrace_toggled": self.on_disable_ptrace, - "on_SELinux_window_configure_event": self.hide_combo_menu, "on_entrycompletion_obj_match_selected": self.set_application_label, "on_filter_changed": self.get_filter_data, "on_save_changes_file_equiv_clicked": self.update_to_file_equiv, @@ -808,18 +806,8 @@ class SELinuxGui(): return self.help_show_page() def open_combo_menu(self, *args): - if self.popup == 0: - self.popup = 1 - location = self.window.get_position() - self.main_selection_window.move(location[0] + 2, location[1] + 65) - self.main_selection_window.show() - else: - self.main_selection_window.hide() - self.popup = 0 - - def hide_combo_menu(self, *args): - self.main_selection_window.hide() - self.popup = 0 + self.main_selection_popover.set_relative_to(self.applications_selection_button) + self.main_selection_popover.popup() def set_application_label(self, *args): self.set_application_label = True @@ -2335,7 +2323,7 @@ class SELinuxGui(): self.active_button = self.network_radio_button def clearbuttons(self, clear=True): - self.main_selection_window.hide() + self.main_selection_popover.hide() self.boolean_radio_button.set_visible(False) self.files_radio_button.set_visible(False) self.network_radio_button.set_visible(False) diff --git a/python/sepolicy/sepolicy/sepolicy.glade b/python/sepolicy/sepolicy/sepolicy.glade index 0724d6c8..30e7b03f 100644 --- a/python/sepolicy/sepolicy/sepolicy.glade +++ b/python/sepolicy/sepolicy/sepolicy.glade @@ -10,11 +10,8 @@ - + False - 265 - 100 - False True @@ -53,7 +50,6 @@ gtk-find False False - @@ -306,7 +302,6 @@ - @@ -1707,9 +1702,7 @@ center-always 650 420 - - True From 98c637c4cc2fba7b10cd9fe1450d3e838742db1f Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 8 Dec 2022 20:43:35 +0100 Subject: [PATCH 23/39] python: Fix detection of sepolicy.glade location Commit c08cf24f3998 ("python: Remove dependency on the Python module distutils") replace usage of distutils.sysconfig by sysconfig but it was forgotten on the fact that the later provide a different api. Fixes: self.code_path = sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/" ^^^^^^^^^^^^^^^^^^^^^^^^ AttributeError: module 'sysconfig' has no attribute 'get_python_lib' Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy/gui.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py index 53f3c614..04208049 100644 --- a/python/sepolicy/sepolicy/gui.py +++ b/python/sepolicy/sepolicy/gui.py @@ -130,7 +130,7 @@ class SELinuxGui(): self.application = app self.filter_txt = "" builder = Gtk.Builder() # BUILDER OBJ - self.code_path = sysconfig.get_python_lib(plat_specific=False) + "/sepolicy/" + self.code_path = sysconfig.get_path('purelib', vars={'base': "/usr"}) + "/sepolicy/" glade_file = self.code_path + "sepolicy.glade" builder.add_from_file(glade_file) self.outer_notebook = builder.get_object("outer_notebook") From 7ff1d7f1c2a141a24a2af5db01fff07754ba18bc Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 12 Dec 2022 18:43:49 +0100 Subject: [PATCH 24/39] sepolicy: Call os.makedirs() with exist_ok=True Since commit 7494bb1298b3 ("sepolicy: generate man pages in parallel") man pages are generated in parallel and there's a race between os.path.exists() and os.makedirs(). The check os.path.exists() is not necessary when os.makedirs() is called with exist_ok=True. Fixes: /usr/bin/sepolicy manpage -a -p /__w/usr/share/man/man8/ -w -r /__w/ FileExistsError: [Errno 17] File exists: '/__w/usr/share/man/man8/' Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy/manpage.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index edeb3b77..1bff8f9a 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -376,8 +376,7 @@ class ManPage: self.fcdict = sepolicy.get_fcdict(self.fcpath) - if not os.path.exists(path): - os.makedirs(path) + os.makedirs(path, exist_ok=True) self.path = path From 2a91411d7f6272f1d6c6b1655e6cc9877a0ef0e8 Mon Sep 17 00:00:00 2001 From: James Carter Date: Fri, 16 Dec 2022 17:04:32 -0500 Subject: [PATCH 25/39] Revert "Use `pip install` instead of `setup.py install`" This reverts commit 2c3b818f5d76ad3eb4d067b6a3ad8688a1afba86. An earlier version of the patch was commited by mistake. Signed-off-by: James Carter --- README.md | 4 +--- libselinux/src/Makefile | 2 +- python/sepolicy/Makefile | 2 +- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index e11b0028..529b7e46 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,6 @@ dnf install \ # For Python and Ruby bindings dnf install \ python3-devel \ - python3-pip \ ruby-devel \ swig ``` @@ -93,7 +92,6 @@ apt-get install --no-install-recommends --no-install-suggests \ # For Python and Ruby bindings apt-get install --no-install-recommends --no-install-suggests \ python3-dev \ - python3-pip \ ruby-dev \ swig ``` @@ -104,7 +102,7 @@ To build and install everything under a private directory, run: make DESTDIR=~/obj install install-rubywrap install-pywrap -On Debian `PYTHON_SETUP_ARGS='--install-option "--install-layout=deb"'` needs to be set when installing the python wrappers in order to create the correct python directory structure. +On Debian `PYTHON_SETUP_ARGS=--install-layout=deb` needs to be set when installing the python wrappers in order to create the correct python directory structure. To run tests with the built libraries and programs, several paths (relative to `$DESTDIR`) need to be added to variables `$LD_LIBRARY_PATH`, `$PATH` and `$PYTHONPATH`. This can be done using [./scripts/env_use_destdir](./scripts/env_use_destdir): diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 0f6396ab..dc284832 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -187,7 +187,7 @@ install: all ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap - $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . + $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile index 57a2e55e..d983e409 100644 --- a/python/sepolicy/Makefile +++ b/python/sepolicy/Makefile @@ -27,7 +27,7 @@ test: @$(PYTHON) test_sepolicy.py -v install: - $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . + $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) From 4f9e836f9895e1d63f67193e0df4ecc1d12e50bc Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 29 Nov 2022 17:32:50 +0100 Subject: [PATCH 26/39] Use `pip install` instead of `setup.py install` Fixes: /usr/lib/python3.11/site-packages/setuptools/command/install.py:34: SetuptoolsDeprecationWarning: setup.py install is deprecated. Use build and pip and other standards-based tools. Signed-off-by: Petr Lautrbach Acked-by: James Carter --- README.md | 8 +++++++- libselinux/src/Makefile | 2 +- python/sepolicy/Makefile | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 529b7e46..c272ce89 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,9 @@ dnf install \ # For Python and Ruby bindings dnf install \ python3-devel \ + python3-pip \ + python3-setuptools \ + python3-wheel \ ruby-devel \ swig ``` @@ -92,6 +95,9 @@ apt-get install --no-install-recommends --no-install-suggests \ # For Python and Ruby bindings apt-get install --no-install-recommends --no-install-suggests \ python3-dev \ + python3-pip \ + python3-setuptools \ + python3-wheel \ ruby-dev \ swig ``` @@ -102,7 +108,7 @@ To build and install everything under a private directory, run: make DESTDIR=~/obj install install-rubywrap install-pywrap -On Debian `PYTHON_SETUP_ARGS=--install-layout=deb` needs to be set when installing the python wrappers in order to create the correct python directory structure. +On Debian `PYTHON_SETUP_ARGS='--install-option "--install-layout=deb"'` needs to be set when installing the python wrappers in order to create the correct python directory structure. To run tests with the built libraries and programs, several paths (relative to `$DESTDIR`) need to be added to variables `$LD_LIBRARY_PATH`, `$PATH` and `$PYTHONPATH`. This can be done using [./scripts/env_use_destdir](./scripts/env_use_destdir): diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index dc284832..0f6396ab 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -187,7 +187,7 @@ install: all ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap - $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile index d983e409..57a2e55e 100644 --- a/python/sepolicy/Makefile +++ b/python/sepolicy/Makefile @@ -27,7 +27,7 @@ test: @$(PYTHON) test_sepolicy.py -v install: - $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) From daf687247a70684bae6f4a3b42e4b981977bf734 Mon Sep 17 00:00:00 2001 From: Jason Zaman Date: Wed, 21 Dec 2022 21:22:00 -0800 Subject: [PATCH 27/39] libselinux: Ignore installed when installing python bindings to DESTDIR When the python bindings are installed to a destdir with pip install --prefix= --root=, pip tries to uninstall the existing root-owned package and fails Fixes: running build_ext python3 -m pip install --prefix=/usr `test -n "/tmp/selinux-release//build-master" && echo --root /tmp/selinux-release//build-master` . Processing /tmp/selinux-release/selinux-master/libselinux/src Preparing metadata (setup.py) ... done Building wheels for collected packages: selinux Building wheel for selinux (setup.py) ... done Created wheel for selinux: filename=selinux-3.4-cp310-cp310-linux_x86_64.whl size=725511 sha256=b35e9cdb2a6efce389eeece45446826b4ac6b41f81fdc128893f947036f27e8e Stored in directory: /tmp/pip-ephem-wheel-cache-kemjh99e/wheels/ca/2d/1e/d1ab52426d9add92931471cfa0d2558bcbeed89084af2388c9 Successfully built selinux Installing collected packages: selinux Attempting uninstall: selinux Found existing installation: selinux 3.4 Uninstalling selinux-3.4: ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: '__init__.cpython-310.pyc' Consider using the `--user` option or check the permissions. Signed-off-by: Jason Zaman Acked-by: Petr Lautrbach --- libselinux/src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 0f6396ab..70ba063a 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -187,7 +187,7 @@ install: all ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET) install-pywrap: pywrap - $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) . install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) From d1e3170556e1023e07b3c071ce89543ead6ba6f8 Mon Sep 17 00:00:00 2001 From: Jason Zaman Date: Wed, 21 Dec 2022 22:41:51 -0800 Subject: [PATCH 28/39] python: Ignore installed when installing to DESTDIR When installing to a destdir with pip install --prefix= --root=, pip tries to uninstall the existing root-owned package and fails Fixes: python3 -m pip install --prefix=/usr `test -n "/tmp/selinux-release//build-master" && echo --root /tmp/selinux-release//build-master` . Processing /tmp/selinux-release/selinux-master/python/sepolicy Preparing metadata (setup.py) ... done Building wheels for collected packages: sepolicy Building wheel for sepolicy (setup.py) ... done Created wheel for sepolicy: filename=sepolicy-3.4-py3-none-any.whl size=1663564 sha256=229546db123e7d84613d190d49c192291b1a4f7f2a037657b39283b04ac391a4 Stored in directory: /tmp/pip-ephem-wheel-cache-50r2x4cn/wheels/b2/9e/63/6a6212a84d65a709923228719d065ed34e66a90c7fed01e8cf Successfully built sepolicy Installing collected packages: sepolicy Attempting uninstall: sepolicy Found existing installation: sepolicy 3.4 Uninstalling sepolicy-3.4: ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: 'generate.py' Consider using the `--user` option or check the permissions. Signed-off-by: Jason Zaman Acked-by: Petr Lautrbach --- python/sepolicy/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/Makefile b/python/sepolicy/Makefile index 57a2e55e..4e9e93d0 100644 --- a/python/sepolicy/Makefile +++ b/python/sepolicy/Makefile @@ -27,7 +27,7 @@ test: @$(PYTHON) test_sepolicy.py -v install: - $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` $(PYTHON_SETUP_ARGS) . + $(PYTHON) -m pip install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --ignore-installed --no-deps` $(PYTHON_SETUP_ARGS) . [ -d $(DESTDIR)$(BINDIR) ] || mkdir -p $(DESTDIR)$(BINDIR) install -m 755 sepolicy.py $(DESTDIR)$(BINDIR)/sepolicy (cd $(DESTDIR)$(BINDIR); ln -sf sepolicy sepolgen) From 013ecfd7fadaf5fee3969af406bed9bb4dd50e2a Mon Sep 17 00:00:00 2001 From: Jason Zaman Date: Thu, 22 Dec 2022 13:10:26 -0800 Subject: [PATCH 29/39] Update VERSIONs to 3.5-rc1 for release. Signed-off-by: Jason Zaman --- VERSION | 2 +- checkpolicy/VERSION | 2 +- dbus/VERSION | 2 +- gui/VERSION | 2 +- libselinux/VERSION | 2 +- libselinux/src/setup.py | 2 +- libsemanage/VERSION | 2 +- libsepol/VERSION | 2 +- mcstrans/VERSION | 2 +- policycoreutils/VERSION | 2 +- python/VERSION | 2 +- python/sepolgen/VERSION | 2 +- python/sepolicy/setup.py | 2 +- restorecond/VERSION | 2 +- sandbox/VERSION | 2 +- secilc/VERSION | 2 +- semodule-utils/VERSION | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/VERSION b/VERSION index 2f4b6075..80a3d185 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/checkpolicy/VERSION b/checkpolicy/VERSION index 2f4b6075..80a3d185 100644 --- a/checkpolicy/VERSION +++ b/checkpolicy/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/dbus/VERSION b/dbus/VERSION index 2f4b6075..80a3d185 100644 --- a/dbus/VERSION +++ b/dbus/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/gui/VERSION b/gui/VERSION index 2f4b6075..80a3d185 100644 --- a/gui/VERSION +++ b/gui/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/libselinux/VERSION b/libselinux/VERSION index 2f4b6075..80a3d185 100644 --- a/libselinux/VERSION +++ b/libselinux/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py index 6cbe3a0e..bfd94447 100644 --- a/libselinux/src/setup.py +++ b/libselinux/src/setup.py @@ -4,7 +4,7 @@ from setuptools import Extension, setup setup( name="selinux", - version="3.4", + version="3.5-rc1", description="SELinux python 3 bindings", author="SELinux Project", author_email="selinux@vger.kernel.org", diff --git a/libsemanage/VERSION b/libsemanage/VERSION index 2f4b6075..80a3d185 100644 --- a/libsemanage/VERSION +++ b/libsemanage/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/libsepol/VERSION b/libsepol/VERSION index 2f4b6075..80a3d185 100644 --- a/libsepol/VERSION +++ b/libsepol/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/mcstrans/VERSION b/mcstrans/VERSION index 2f4b6075..80a3d185 100644 --- a/mcstrans/VERSION +++ b/mcstrans/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/policycoreutils/VERSION b/policycoreutils/VERSION index 2f4b6075..80a3d185 100644 --- a/policycoreutils/VERSION +++ b/policycoreutils/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/python/VERSION b/python/VERSION index 2f4b6075..80a3d185 100644 --- a/python/VERSION +++ b/python/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/python/sepolgen/VERSION b/python/sepolgen/VERSION index 2f4b6075..80a3d185 100644 --- a/python/sepolgen/VERSION +++ b/python/sepolgen/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/python/sepolicy/setup.py b/python/sepolicy/setup.py index c8220664..80258eb1 100644 --- a/python/sepolicy/setup.py +++ b/python/sepolicy/setup.py @@ -6,7 +6,7 @@ from setuptools import setup setup( name="sepolicy", - version="3.4", + version="3.5-rc1", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", diff --git a/restorecond/VERSION b/restorecond/VERSION index 2f4b6075..80a3d185 100644 --- a/restorecond/VERSION +++ b/restorecond/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/sandbox/VERSION b/sandbox/VERSION index 2f4b6075..80a3d185 100644 --- a/sandbox/VERSION +++ b/sandbox/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/secilc/VERSION b/secilc/VERSION index 2f4b6075..80a3d185 100644 --- a/secilc/VERSION +++ b/secilc/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 diff --git a/semodule-utils/VERSION b/semodule-utils/VERSION index 2f4b6075..80a3d185 100644 --- a/semodule-utils/VERSION +++ b/semodule-utils/VERSION @@ -1 +1 @@ -3.4 +3.5-rc1 From 1fe82e5cf581158cdfa184c64218b0bade82b01a Mon Sep 17 00:00:00 2001 From: Jie Lu Date: Mon, 5 Dec 2022 17:36:44 +0800 Subject: [PATCH 30/39] policycoreutils: fix potential NULL reference in load_checks In load_checks(), add return check for malloc() to avoid NULL reference. Signed-off-by: Jie Lu Acked-by: James Carter --- policycoreutils/sestatus/sestatus.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c index 7dcc9944..6c95828e 100644 --- a/policycoreutils/sestatus/sestatus.c +++ b/policycoreutils/sestatus/sestatus.c @@ -140,6 +140,8 @@ static void load_checks(char *pc[], int *npc, char *fc[], int *nfc) pc[*npc] = (char *)malloc((buf_len) * sizeof(char)); + if (!pc[*npc]) + break; memcpy(pc[*npc], bufp, buf_len); (*npc)++; bufp = NULL; @@ -150,6 +152,8 @@ static void load_checks(char *pc[], int *npc, char *fc[], int *nfc) fc[*nfc] = (char *)malloc((buf_len) * sizeof(char)); + if (!fc[*nfc]) + break; memcpy(fc[*nfc], bufp, buf_len); (*nfc)++; bufp = NULL; From 60a0d7285d90680d0ce839ba6b169a33c91c5fb0 Mon Sep 17 00:00:00 2001 From: kkz Date: Fri, 16 Dec 2022 23:33:11 +0800 Subject: [PATCH 31/39] sepolicy: fix a spelling mistake Signed-off-by: zhaoshuang Signed-off-by: zhaoshuang Acked-by: James Carter --- python/sepolicy/sepolicy/templates/script.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/templates/script.py b/python/sepolicy/sepolicy/templates/script.py index c79738b8..564a6b38 100644 --- a/python/sepolicy/sepolicy/templates/script.py +++ b/python/sepolicy/sepolicy/templates/script.py @@ -75,7 +75,7 @@ rpmbuild --define "_sourcedir ${pwd}" --define "_specdir ${pwd}" --define "_buil """ manpage="""\ -# Generate a man page off the installed module +# Generate a man page of the installed module sepolicy manpage -p . -d DOMAINTYPE_t """ From fa936a0a302038961a4892df0773699f8e5ece03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Tue, 20 Dec 2022 16:41:34 +0100 Subject: [PATCH 32/39] libsepol: reject attributes in type av rules for kernel policies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The kernel does not support type attributes as source or target in type av rules (type_transition, type_member, type_change)[1]. Such rules should have been expanded[2]. [1]: https://github.com/SELinuxProject/selinux-kernel/blob/abe3c631447dcd1ba7af972fe6f054bee6f136fa/security/selinux/ss/services.c#L1843 [2]: https://github.com/SELinuxProject/selinux/blob/0a8c177dacdc1df96ea11bb8aa75e16c4fa82285/libsepol/src/expand.c#L1981 Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/src/policydb_validate.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 521ea4ff..469c14f4 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -770,12 +770,20 @@ bad: * Functions to validate a kernel policydb */ -static int validate_avtab_key(const avtab_key_t *key, int conditional, validate_t flavors[]) +static int validate_avtab_key(const avtab_key_t *key, int conditional, const policydb_t *p, validate_t flavors[]) { - if (validate_value(key->source_type, &flavors[SYM_TYPES])) - goto bad; - if (validate_value(key->target_type, &flavors[SYM_TYPES])) - goto bad; + if (p->policy_type == POLICY_KERN && key->specified & AVTAB_TYPE) { + if (validate_simpletype(key->source_type, p, flavors)) + goto bad; + if (validate_simpletype(key->target_type, p, flavors)) + goto bad; + } else { + if (validate_value(key->source_type, &flavors[SYM_TYPES])) + goto bad; + if (validate_value(key->target_type, &flavors[SYM_TYPES])) + goto bad; + } + if (validate_value(key->target_class, &flavors[SYM_CLASSES])) goto bad; switch (0xFFF & key->specified) { @@ -821,7 +829,7 @@ static int validate_avtab_key_and_datum(avtab_key_t *k, avtab_datum_t *d, void * { map_arg_t *margs = args; - if (validate_avtab_key(k, 0, margs->flavors)) + if (validate_avtab_key(k, 0, margs->policy, margs->flavors)) return -1; if ((k->specified & AVTAB_TYPE) && validate_simpletype(d->data, margs->policy, margs->flavors)) @@ -845,13 +853,13 @@ static int validate_avtab(sepol_handle_t *handle, const avtab_t *avtab, const po return 0; } -static int validate_cond_av_list(sepol_handle_t *handle, const cond_av_list_t *cond_av, validate_t flavors[]) +static int validate_cond_av_list(sepol_handle_t *handle, const cond_av_list_t *cond_av, const policydb_t *p, validate_t flavors[]) { const struct avtab_node *avtab_ptr; for (; cond_av; cond_av = cond_av->next) { for (avtab_ptr = cond_av->node; avtab_ptr; avtab_ptr = avtab_ptr->next) { - if (validate_avtab_key(&avtab_ptr->key, 1, flavors)) { + if (validate_avtab_key(&avtab_ptr->key, 1, p, flavors)) { ERR(handle, "Invalid cond av list"); return -1; } @@ -996,9 +1004,9 @@ static int validate_cond_list(sepol_handle_t *handle, const cond_list_t *cond, c for (; cond; cond = cond->next) { if (validate_cond_expr(handle, cond->expr, &flavors[SYM_BOOLS])) goto bad; - if (validate_cond_av_list(handle, cond->true_list, flavors)) + if (validate_cond_av_list(handle, cond->true_list, p, flavors)) goto bad; - if (validate_cond_av_list(handle, cond->false_list, flavors)) + if (validate_cond_av_list(handle, cond->false_list, p, flavors)) goto bad; if (validate_avrules(handle, cond->avtrue_list, 1, p, flavors)) goto bad; From d0b3d89c11227a06e441032c6ffb24985ae4842e Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 3 Jan 2023 09:32:00 +0100 Subject: [PATCH 33/39] sepolicy: Make generated boolean descriptions translatable Signed-off-by: Petr Lautrbach Acked-by: James Carter --- python/sepolicy/sepolicy/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index 68907a4f..be89dd2f 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -1222,7 +1222,7 @@ def boolean_desc(boolean): return _(booleans_dict[boolean][2]) else: desc = boolean.split("_") - return "Allow %s to %s" % (desc[0], " ".join(desc[1:])) + return _("Allow {subject} to {rest}").format(subject=desc[0], rest=" ".join(desc[1:])) def get_os_version(): From b32e85cf670798de87641005814642c7f7a80ffa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 5 Jan 2023 18:13:20 +0100 Subject: [PATCH 34/39] Correct misc typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Found by codespell(1) and typos[1]. [1]: https://github.com/crate-ci/typos Signed-off-by: Christian Göttsche Acked-by: James Carter --- libselinux/src/label_db.c | 2 +- libselinux/src/regex.c | 2 +- libselinux/src/sha1.c | 2 +- libsepol/cil/src/cil_post.c | 2 +- libsepol/cil/src/cil_resolve_ast.c | 2 +- libsepol/src/module_to_cil.c | 2 +- libsepol/tests/policies/test-deps/base-metreq.conf | 2 +- libsepol/tests/policies/test-deps/base-notmetreq.conf | 2 +- libsepol/tests/policies/test-deps/small-base.conf | 2 +- libsepol/tests/policies/test-expander/alias-base.conf | 2 +- libsepol/tests/policies/test-expander/role-base.conf | 2 +- libsepol/tests/policies/test-expander/small-base.conf | 2 +- libsepol/tests/policies/test-expander/user-base.conf | 2 +- libsepol/tests/policies/test-hooks/cmp_policy.conf | 2 +- libsepol/tests/policies/test-hooks/small-base.conf | 2 +- libsepol/tests/policies/test-linker/small-base.conf | 2 +- policycoreutils/newrole/newrole.c | 2 +- python/semanage/semanage | 2 +- python/sepolicy/sepolicy/manpage.py | 2 +- 19 files changed, 19 insertions(+), 19 deletions(-) diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c index bd73201c..3f803037 100644 --- a/libselinux/src/label_db.c +++ b/libselinux/src/label_db.c @@ -31,7 +31,7 @@ * For example: * ---------------------------------------- * # - * # It is an example specfile for database obejcts + * # It is an example specfile for database objects * # * db_database template1 system_u:object_r:sepgsql_db_t:s0 * diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c index 149a7973..ae7ad690 100644 --- a/libselinux/src/regex.c +++ b/libselinux/src/regex.c @@ -167,7 +167,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex) PCRE2_UCHAR *bytes = NULL; if (do_write_precompregex) { - /* encode the patter for serialization */ + /* encode the pattern for serialization */ rc = pcre2_serialize_encode((const pcre2_code **)®ex->regex, 1, &bytes, &serialized_size, NULL); if (rc != 1) { diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c index a8484677..9d51e04a 100644 --- a/libselinux/src/sha1.c +++ b/libselinux/src/sha1.c @@ -11,7 +11,7 @@ // Modified to: // - stop symbols being exported for libselinux shared library - October 2015 // Richard Haines -// - Not cast the workspace from a byte array to a CHAR64LONG16 due to alignment isses. +// - Not cast the workspace from a byte array to a CHAR64LONG16 due to alignment issues. // Fixes: // sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align] // CHAR64LONG16* block = (CHAR64LONG16*) workspace; diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c index 11e572e2..a7c66ead 100644 --- a/libsepol/cil/src/cil_post.c +++ b/libsepol/cil/src/cil_post.c @@ -1193,7 +1193,7 @@ static int __cil_cat_expr_range_to_bitmap_helper(struct cil_list_item *i1, struc struct cil_cat *c2 = (struct cil_cat *)d2; if (n1->flavor == CIL_CATSET || n2->flavor == CIL_CATSET) { - cil_log(CIL_ERR, "Category sets cannont be used in a category range\n"); + cil_log(CIL_ERR, "Category sets cannot be used in a category range\n"); goto exit; } diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index f5e22c97..d2bfdc81 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -778,7 +778,7 @@ int cil_resolve_classcommon(struct cil_tree_node *current, void *extra_args) class = (struct cil_class *)class_datum; common = (struct cil_class *)common_datum; if (class->common != NULL) { - cil_log(CIL_ERR, "class cannot be associeated with more than one common\n"); + cil_log(CIL_ERR, "class cannot be associated with more than one common\n"); rc = SEPOL_ERR; goto exit; } diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index b900290a..2b24d33e 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -2330,7 +2330,7 @@ static int user_to_cil(int indent, struct policydb *pdb, struct avrule_block *bl } if (block->flags & AVRULE_OPTIONAL) { - // sensitivites in user statements in optionals do not have the + // sensitivities in user statements in optionals do not have the // standard -1 offset sens_offset = 0; } diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf index b7528dde..d8e1f40b 100644 --- a/libsepol/tests/policies/test-deps/base-metreq.conf +++ b/libsepol/tests/policies/test-deps/base-metreq.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf index eee36dca..ecd92f6f 100644 --- a/libsepol/tests/policies/test-deps/base-notmetreq.conf +++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class msg class msgq class shm diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf index 98f49c23..848d1741 100644 --- a/libsepol/tests/policies/test-deps/small-base.conf +++ b/libsepol/tests/policies/test-deps/small-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf index b950039d..34955924 100644 --- a/libsepol/tests/policies/test-expander/alias-base.conf +++ b/libsepol/tests/policies/test-expander/alias-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf index 8e88b4be..a387c8c0 100644 --- a/libsepol/tests/policies/test-expander/role-base.conf +++ b/libsepol/tests/policies/test-expander/role-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf index 055ea054..ac180f35 100644 --- a/libsepol/tests/policies/test-expander/small-base.conf +++ b/libsepol/tests/policies/test-expander/small-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf index b31ee8cd..789a59a2 100644 --- a/libsepol/tests/policies/test-expander/user-base.conf +++ b/libsepol/tests/policies/test-expander/user-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf index 9082b333..3c510bc4 100644 --- a/libsepol/tests/policies/test-hooks/cmp_policy.conf +++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf index 9082b333..3c510bc4 100644 --- a/libsepol/tests/policies/test-hooks/small-base.conf +++ b/libsepol/tests/policies/test-hooks/small-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf index 890ebbeb..15ced459 100644 --- a/libsepol/tests/policies/test-linker/small-base.conf +++ b/libsepol/tests/policies/test-linker/small-base.conf @@ -33,7 +33,7 @@ class key_socket class unix_stream_socket class unix_dgram_socket -# sysv-ipc-related clases +# sysv-ipc-related classes class sem class msg class msgq diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index c2afa37e..d9efa68a 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -1289,7 +1289,7 @@ int main(int argc, char *argv[]) /* * Step 5: Execute a new shell with the new context in `new_context'. * - * Establish context, namesapce and any options for the new shell + * Establish context, namespace and any options for the new shell */ if (optind < 1) optind = 1; diff --git a/python/semanage/semanage b/python/semanage/semanage index b21d1484..e0bd98a9 100644 --- a/python/semanage/semanage +++ b/python/semanage/semanage @@ -130,7 +130,7 @@ class SetImportFile(argparse.Action): sys.exit(1) setattr(namespace, self.dest, values) -# define dictionary for seobject OBEJCTS +# define dictionary for seobject OBJECTS object_dict = { 'login': seobject.loginRecords, 'user': seobject.seluserRecords, diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py index 1bff8f9a..a488dcbf 100755 --- a/python/sepolicy/sepolicy/manpage.py +++ b/python/sepolicy/sepolicy/manpage.py @@ -739,7 +739,7 @@ SELinux %(domainname)s policy is very flexible allowing users to setup their %(d .B STANDARD FILE CONTEXT SELinux defines the file context types for the %(domainname)s, if you wanted to -store files with these types in a diffent paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk. +store files with these types in a different paths, you need to execute the semanage command to specify alternate labeling and then use restorecon to put the labels on disk. .B semanage fcontext -a -t %(type)s '/srv/%(domainname)s/content(/.*)?' .br From 986a3fe27ea81770da9d5b2c83f1d627d46ba55b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Thu, 5 Jan 2023 18:13:39 +0100 Subject: [PATCH 35/39] libsepol: do not write empty class definitions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do not write class definitions for classes without any permission and any inherited common class. The classes are already declared in write_class_decl_rules_to_conf(). Skipping those empty definitions, which are equal to the corresponding class declarations, will enable to parse the generated policy conf file with checkpolicy, as checkpolicy does not accept class declarations after initial sid declarations. This will enable simple round-trip tests with checkpolicy. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/src/kernel_to_conf.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 63dffd9b..73b72b5d 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -591,16 +591,21 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) class = pdb->class_val_to_struct[i]; if (!class) continue; name = pdb->p_class_val_to_name[i]; - sepol_printf(out, "class %s", name); - if (class->comkey) { - sepol_printf(out, " inherits %s", class->comkey); - } perms = class_or_common_perms_to_str(&class->permissions); - if (perms) { - sepol_printf(out, " { %s }", perms); - free(perms); + /* Do not write empty classes, their declaration was alreedy + * printed in write_class_decl_rules_to_conf() */ + if (perms || class->comkey) { + sepol_printf(out, "class %s", name); + if (class->comkey) { + sepol_printf(out, " inherits %s", class->comkey); + } + + if (perms) { + sepol_printf(out, " { %s }", perms); + free(perms); + } + sepol_printf(out, "\n"); } - sepol_printf(out, "\n"); } exit: From 7506771e4b630fe0ab853f96574e039055cb72eb Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Tue, 10 Jan 2023 11:37:26 +0100 Subject: [PATCH 36/39] python/sepolicy: add missing booleans to man pages get_bools should return a list of booleans that can affect given type, but it did not handle non trivial conditional statements properly (returning the whole conditional statement instead of a list of booleans in the statement). e.g. for allow httpd_t spamc_t:process transition; [ httpd_can_check_spam && httpd_can_sendmail ]:True get_bools used to return [("httpd_can_check_spam && httpd_can_sendmail", False)] instead of [("httpd_can_check_spam", False), ("httpd_can_sendmail", False)] - rename "boolean" in sepolicy rule dictionary to "booleans" to suggest it can contain multiple values and make sure it is populated correctly - add "conditional" key to the rule dictionary to accommodate get_conditionals, which requires the whole conditional statement - extend get_bools search to dontaudit rules so that it covers booleans like httpd_dontaudit_search_dirs Note: get_bools uses security_get_boolean_active to get the boolean value, but the value is later used to represent the default. Not ideal, but I'm not aware of a way to get the actual defaults. Fixes: "sepolicy manpage" generates man pages that are missing booleans which are included in non trivial conditional expressions e.g. httpd_selinux(8) does not include httpd_can_check_spam, httpd_tmp_exec, httpd_unified, or httpd_use_gpg This fix, however, also adds some not strictly related booleans to some man pages. e.g. use_nfs_home_dirs and use_samba_home_dirs are added to httpd_selinux(8) Signed-off-by: Vit Mojzis Acked-by: Jason Zaman --- python/sepolicy/sepolicy/__init__.py | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index be89dd2f..e2d5c11a 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -335,7 +335,12 @@ def _setools_rule_to_dict(rule): pass try: - d['boolean'] = [(str(rule.conditional), enabled)] + d['booleans'] = [(str(b), b.state) for b in rule.conditional.booleans] + except AttributeError: + pass + + try: + d['conditional'] = str(rule.conditional) except AttributeError: pass @@ -440,12 +445,12 @@ def get_conditionals(src, dest, tclass, perm): x['source'] in src_list and x['target'] in dest_list and set(perm).issubset(x[PERMS]) and - 'boolean' in x, + 'conditional' in x, get_all_allow_rules())) try: for i in allows: - tdict.update({'source': i['source'], 'boolean': i['boolean']}) + tdict.update({'source': i['source'], 'conditional': (i['conditional'], i['enabled'])}) if tdict not in tlist: tlist.append(tdict) tdict = {} @@ -459,10 +464,10 @@ def get_conditionals_format_text(cond): enabled = False for x in cond: - if x['boolean'][0][1]: + if x['conditional'][1]: enabled = True break - return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['boolean'][0][0], x['boolean'][0][1]), cond)))) + return _("-- Allowed %s [ %s ]") % (enabled, " || ".join(set(map(lambda x: "%s=%d" % (x['conditional'][0], x['conditional'][1]), cond)))) def get_types_from_attribute(attribute): @@ -716,9 +721,9 @@ def get_boolean_rules(setype, boolean): boollist = [] permlist = search([ALLOW], {'source': setype}) for p in permlist: - if "boolean" in p: + if "booleans" in p: try: - for b in p["boolean"]: + for b in p["booleans"]: if boolean in b: boollist.append(p) except: @@ -1141,7 +1146,7 @@ def get_bools(setype): bools = [] domainbools = [] domainname, short_name = gen_short_name(setype) - for i in map(lambda x: x['boolean'], filter(lambda x: 'boolean' in x and x['source'] == setype, get_all_allow_rules())): + for i in map(lambda x: x['booleans'], filter(lambda x: 'booleans' in x and x['source'] == setype, search([ALLOW, DONTAUDIT]))): for b in i: if not isinstance(b, tuple): continue From 30b3e9d25f417cf62f0d87d2c516c34555b28b32 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Thu, 12 Jan 2023 18:14:09 +0900 Subject: [PATCH 37/39] libselinux: Workaround for heap overhead of pcre pcre's behavior is changed so that pcre2_match always allocates heap for match_data, rather than stack, regardless of size. The heap isn't freed until explicitly calling pcre2_match_data_free. This new behavior may result in heap overhead, which may increase the peak memory usage about a few megabytes. It's because regex_match is first called for regex_data objects, and then regex_data objects are freed at once. To workaround it, free match_data as soon as we call regex_match. It's fine because libselinux currently doesn't use match_data, but use only the return value. Signed-off-by: Inseob Kim Acked-by: Jason Zaman --- libselinux/src/regex.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c index ae7ad690..16df6790 100644 --- a/libselinux/src/regex.c +++ b/libselinux/src/regex.c @@ -60,11 +60,13 @@ char const *regex_arch_string(void) struct regex_data { pcre2_code *regex; /* compiled regular expression */ +#ifndef AGGRESSIVE_FREE_AFTER_REGEX_MATCH /* * match data block required for the compiled * pattern in pcre2 */ pcre2_match_data *match_data; +#endif pthread_mutex_t match_mutex; }; @@ -84,11 +86,13 @@ int regex_prepare_data(struct regex_data **regex, char const *pattern_string, goto err; } +#ifndef AGGRESSIVE_FREE_AFTER_REGEX_MATCH (*regex)->match_data = pcre2_match_data_create_from_pattern((*regex)->regex, NULL); if (!(*regex)->match_data) { goto err; } +#endif return 0; err: @@ -138,10 +142,12 @@ int regex_load_mmap(struct mmap_area *mmap_area, struct regex_data **regex, if (rc != 1) goto err; +#ifndef AGGRESSIVE_FREE_AFTER_REGEX_MATCH (*regex)->match_data = pcre2_match_data_create_from_pattern((*regex)->regex, NULL); if (!(*regex)->match_data) goto err; +#endif *regex_compiled = true; } @@ -203,8 +209,12 @@ void regex_data_free(struct regex_data *regex) if (regex) { if (regex->regex) pcre2_code_free(regex->regex); + +#ifndef AGGRESSIVE_FREE_AFTER_REGEX_MATCH if (regex->match_data) pcre2_match_data_free(regex->match_data); +#endif + __pthread_mutex_destroy(®ex->match_mutex); free(regex); } @@ -213,10 +223,30 @@ void regex_data_free(struct regex_data *regex) int regex_match(struct regex_data *regex, char const *subject, int partial) { int rc; + pcre2_match_data *match_data; __pthread_mutex_lock(®ex->match_mutex); + +#ifdef AGGRESSIVE_FREE_AFTER_REGEX_MATCH + match_data = pcre2_match_data_create_from_pattern( + regex->regex, NULL); + if (match_data == NULL) { + __pthread_mutex_unlock(®ex->match_mutex); + return REGEX_ERROR; + } +#else + match_data = regex->match_data; +#endif + rc = pcre2_match( regex->regex, (PCRE2_SPTR)subject, PCRE2_ZERO_TERMINATED, 0, - partial ? PCRE2_PARTIAL_SOFT : 0, regex->match_data, NULL); + partial ? PCRE2_PARTIAL_SOFT : 0, match_data, NULL); + +#ifdef AGGRESSIVE_FREE_AFTER_REGEX_MATCH + // pcre2_match allocates heap and it won't be freed until + // pcre2_match_data_free, resulting in heap overhead. + pcre2_match_data_free(match_data); +#endif + __pthread_mutex_unlock(®ex->match_mutex); if (rc > 0) return REGEX_MATCH; From 27e1c7c8e90b98da53bfcce291b03d8f2f0f0b4d Mon Sep 17 00:00:00 2001 From: lujiev <572084868@qq.com> Date: Thu, 27 Oct 2022 16:02:18 +0800 Subject: [PATCH 38/39] checkpolicy: delete invalid spaces Closes: https://github.com/SELinuxProject/selinux/pull/372 Signed-off-by: lujiev <572084868@qq.com> Acked-by: Jason Zaman --- checkpolicy/policy_define.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 86d57017..c2ae7fe5 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -2208,7 +2208,7 @@ static int avrule_ioctl_partialdriver(struct av_ioctl_range_list *rangelist, xperms = calloc(1, sizeof(av_extended_perms_t)); if (!xperms) { yyerror("out of memory"); - return - 1; + return -1; } r = rangelist; @@ -2245,7 +2245,7 @@ static int avrule_ioctl_completedriver(struct av_ioctl_range_list *rangelist, xperms = calloc(1, sizeof(av_extended_perms_t)); if (!xperms) { yyerror("out of memory"); - return - 1; + return -1; } r = rangelist; @@ -2289,7 +2289,7 @@ static int avrule_ioctl_func(struct av_ioctl_range_list *rangelist, xperms = calloc(1, sizeof(av_extended_perms_t)); if (!xperms) { yyerror("out of memory"); - return - 1; + return -1; } r = rangelist; @@ -2352,11 +2352,11 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src) dest->flags = src->flags; if (type_set_cpy(&dest->stypes, &src->stypes)) { yyerror("out of memory"); - return - 1; + return -1; } if (type_set_cpy(&dest->ttypes, &src->ttypes)) { yyerror("out of memory"); - return - 1; + return -1; } dest->line = src->line; dest->source_filename = strdup(source_file); From 3ccea01c6926ea22aa9dbbacd32f441ecb0896bf Mon Sep 17 00:00:00 2001 From: Jason Zaman Date: Sun, 15 Jan 2023 15:40:55 -0800 Subject: [PATCH 39/39] Update VERSIONs to 3.5-rc2 for release. Signed-off-by: Jason Zaman --- VERSION | 2 +- checkpolicy/VERSION | 2 +- dbus/VERSION | 2 +- gui/VERSION | 2 +- libselinux/VERSION | 2 +- libselinux/src/setup.py | 2 +- libsemanage/VERSION | 2 +- libsepol/VERSION | 2 +- mcstrans/VERSION | 2 +- policycoreutils/VERSION | 2 +- python/VERSION | 2 +- python/sepolgen/VERSION | 2 +- python/sepolicy/setup.py | 2 +- restorecond/VERSION | 2 +- sandbox/VERSION | 2 +- secilc/VERSION | 2 +- semodule-utils/VERSION | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/VERSION b/VERSION index 80a3d185..03958198 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/checkpolicy/VERSION b/checkpolicy/VERSION index 80a3d185..03958198 100644 --- a/checkpolicy/VERSION +++ b/checkpolicy/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/dbus/VERSION b/dbus/VERSION index 80a3d185..03958198 100644 --- a/dbus/VERSION +++ b/dbus/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/gui/VERSION b/gui/VERSION index 80a3d185..03958198 100644 --- a/gui/VERSION +++ b/gui/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/libselinux/VERSION b/libselinux/VERSION index 80a3d185..03958198 100644 --- a/libselinux/VERSION +++ b/libselinux/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py index bfd94447..5594d5f1 100644 --- a/libselinux/src/setup.py +++ b/libselinux/src/setup.py @@ -4,7 +4,7 @@ from setuptools import Extension, setup setup( name="selinux", - version="3.5-rc1", + version="3.5-rc2", description="SELinux python 3 bindings", author="SELinux Project", author_email="selinux@vger.kernel.org", diff --git a/libsemanage/VERSION b/libsemanage/VERSION index 80a3d185..03958198 100644 --- a/libsemanage/VERSION +++ b/libsemanage/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/libsepol/VERSION b/libsepol/VERSION index 80a3d185..03958198 100644 --- a/libsepol/VERSION +++ b/libsepol/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/mcstrans/VERSION b/mcstrans/VERSION index 80a3d185..03958198 100644 --- a/mcstrans/VERSION +++ b/mcstrans/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/policycoreutils/VERSION b/policycoreutils/VERSION index 80a3d185..03958198 100644 --- a/policycoreutils/VERSION +++ b/policycoreutils/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/python/VERSION b/python/VERSION index 80a3d185..03958198 100644 --- a/python/VERSION +++ b/python/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/python/sepolgen/VERSION b/python/sepolgen/VERSION index 80a3d185..03958198 100644 --- a/python/sepolgen/VERSION +++ b/python/sepolgen/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/python/sepolicy/setup.py b/python/sepolicy/setup.py index 80258eb1..2284f153 100644 --- a/python/sepolicy/setup.py +++ b/python/sepolicy/setup.py @@ -6,7 +6,7 @@ from setuptools import setup setup( name="sepolicy", - version="3.5-rc1", + version="3.5-rc2", description="Python SELinux Policy Analyses bindings", author="Daniel Walsh", author_email="dwalsh@redhat.com", diff --git a/restorecond/VERSION b/restorecond/VERSION index 80a3d185..03958198 100644 --- a/restorecond/VERSION +++ b/restorecond/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/sandbox/VERSION b/sandbox/VERSION index 80a3d185..03958198 100644 --- a/sandbox/VERSION +++ b/sandbox/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/secilc/VERSION b/secilc/VERSION index 80a3d185..03958198 100644 --- a/secilc/VERSION +++ b/secilc/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2 diff --git a/semodule-utils/VERSION b/semodule-utils/VERSION index 80a3d185..03958198 100644 --- a/semodule-utils/VERSION +++ b/semodule-utils/VERSION @@ -1 +1 @@ -3.5-rc1 +3.5-rc2