From 16796d8dc19cffe55896b75e4a88832f2a25450b Mon Sep 17 00:00:00 2001 From: Yuli Khodorkovskiy Date: Wed, 15 Apr 2015 09:51:42 -0400 Subject: [PATCH 01/11] libsepol: Don't use symbol versioning for static object files Libraries such as libqpol that link with libsepol statically do not understand the symbolic versioning in libsepol. This patch disables the symbolic versioning in libsepol if building the static library or building for Android. Signed-off-by: Yuli Khodorkovskiy Acked-by: Stephen Smalley Acked-by: Steve Lawrence --- libsepol/cil/src/cil.c | 21 +++++++++++---------- libsepol/cil/src/dso.h | 27 +++++++++++++++++++++++++++ libsepol/src/dso.h | 4 ++++ 3 files changed, 42 insertions(+), 10 deletions(-) create mode 100644 libsepol/cil/src/dso.h diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index b8526287..5c53bf33 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -50,8 +50,9 @@ #include "cil_binary.h" #include "cil_policy.h" #include "cil_strpool.h" +#include "dso.h" -#ifndef ANDROID +#ifndef DISABLE_SYMVER asm(".symver cil_build_policydb_pdb, cil_build_policydb@"); asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); @@ -354,7 +355,7 @@ exit: return rc; } -#ifdef ANDROID +#ifdef DISABLE_SYMVER int cil_compile(struct cil_db *db) #else int cil_compile_nopdb(struct cil_db *db) @@ -402,7 +403,7 @@ exit: return rc; } -#ifndef ANDROID +#ifndef DISABLE_SYMVER int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) { return cil_compile_nopdb(db); @@ -424,7 +425,7 @@ exit: } #endif -#ifdef ANDROID +#ifdef DISABLE_SYMVER int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) #else int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) 
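Review bot: Nothing in cil.c says what `DISABLE_SYMVER` means or where it comes from, so the `#ifndef DISABLE_SYMVER` guard around the `.symver` directives (first hunk, right after the new `#include "dso.h"`) reads as an unexplained switch. The macro is defined in dso.h whenever `SHARED` is undefined or `ANDROID` is defined, so a shared-library build that omitted `-DSHARED` would silently lose the versioned `cil_build_policydb@@LIBSEPOL_1.1` alias; the Makefiles are not part of this patch, so that is worth confirming. A comment above the guard would help, e.g. `/* dso.h defines DISABLE_SYMVER for static and Android builds; those export the unversioned names directly. */`. The same guard rename repeats in the later cil.c hunks (`cil_compile`, `cil_build_policydb`, `cil_userprefixes_to_string`, `cil_selinuxusers_to_string`, `cil_filecons_to_string`), so one comment at the top is enough.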
@@ -1116,7 +1117,7 @@ const char * cil_node_to_string(struct cil_tree_node *node) return ""; } -#ifdef ANDROID +#ifdef DISABLE_SYMVER int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) #else int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) @@ -1165,7 +1166,7 @@ exit: } -#ifndef ANDROID +#ifndef DISABLE_SYMVER int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) { return cil_userprefixes_to_string_nopdb(db, out, size); @@ -1357,7 +1358,7 @@ static int __cil_level_to_string(struct cil_level *lvl, char *out) return str_tmp - out; } -#ifdef ANDROID +#ifdef DISABLE_SYMVER int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) #else int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) @@ -1418,14 +1419,14 @@ int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size return SEPOL_OK; } -#ifndef ANDROID +#ifndef DISABLE_SYMVER int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) { return cil_selinuxusers_to_string_nopdb(db, out, size); } #endif -#ifdef ANDROID +#ifdef DISABLE_SYMVER int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) #else int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) @@ -1547,7 +1548,7 @@ int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) return SEPOL_OK; } -#ifndef ANDROID +#ifndef DISABLE_SYMVER int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) { return cil_filecons_to_string_nopdb(db, out, size); diff --git a/libsepol/cil/src/dso.h b/libsepol/cil/src/dso.h new file mode 100644 index 00000000..a06e3496 --- /dev/null +++ b/libsepol/cil/src/dso.h 
@@ -0,0 +1,27 @@ +#ifndef _SEPOL_DSO_H +#define _SEPOL_DSO_H 1 + +#if !defined(SHARED) || defined(ANDROID) + #define DISABLE_SYMVER 1 +#endif + +#ifdef SHARED +# define hidden __attribute__ ((visibility ("hidden"))) +# define hidden_proto(fct) __hidden_proto (fct, fct##_internal) +# define __hidden_proto(fct, internal) \ + extern __typeof (fct) internal; \ + extern __typeof (fct) fct __asm (#internal) hidden; +# if defined(__alpha__) || defined(__mips__) +# define hidden_def(fct) \ + asm (".globl " #fct "\n" #fct " = " #fct "_internal"); +# else +# define hidden_def(fct) \ + asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); +#endif +#else +# define hidden +# define hidden_proto(fct) +# define hidden_def(fct) +#endif + +#endif diff --git a/libsepol/src/dso.h b/libsepol/src/dso.h index 5c69aaef..a06e3496 100644 --- a/libsepol/src/dso.h +++ b/libsepol/src/dso.h @@ -1,6 +1,10 @@ #ifndef _SEPOL_DSO_H #define _SEPOL_DSO_H 1 +#if !defined(SHARED) || defined(ANDROID) + #define DISABLE_SYMVER 1 +#endif + #ifdef SHARED # define hidden __attribute__ ((visibility ("hidden"))) # define hidden_proto(fct) __hidden_proto (fct, fct##_internal) From 9df498884665d79474b79f0f30d1cd67df11bd3e Mon Sep 17 00:00:00 2001 From: Ben Shelton Date: Wed, 15 Apr 2015 15:56:57 -0500 Subject: [PATCH 02/11] libselinux: Mount procfs before checking /proc/filesystems In the case where the SELinux security module is not loaded in the kernel and it's early enough in the boot process that /proc has not yet been mounted, selinuxfs_exists() will incorrectly return 1, and selinux_init_load_policy() will print a message like this to the console: Mount failed for selinuxfs on /sys/fs/selinux: No such file or directory To fix this, mount the procfs before attempting to open /proc/filesystems, and unmount it when done if it was initially not mounted. This is the same thing that selinux_init_load_policy() does when reading /proc/cmdline. 
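Review bot: The new libsepol/cil/src/dso.h reuses the include guard `_SEPOL_DSO_H` of libsepol/src/dso.h, and both files end up as the same blob (`a06e3496` in both index lines), so this is a second copy rather than a distinct header. Whichever copy a translation unit reaches first wins, and a later edit made to only one of them would be masked by the shared guard without any diagnostic. If the duplication is deliberate, a header comment such as `/* Copy of libsepol/src/dso.h; keep the two in sync. */` would record that. The `DISABLE_SYMVER` block in both copies could also carry `/* No symbol versioning for static or Android builds. */`.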
Signed-off-by: Ben Shelton --- libselinux/src/init.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/libselinux/src/init.c b/libselinux/src/init.c index 6d1ef33e..179e0d06 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -11,6 +11,7 @@ #include #include #include +#include #include "dso.h" #include "policy.h" @@ -54,15 +55,20 @@ static int verify_selinuxmnt(const char *mnt) int selinuxfs_exists(void) { - int exists = 0; + int exists = 0, mnt_rc = 0; FILE *fp = NULL; char *buf = NULL; size_t len; ssize_t num; + mnt_rc = mount("proc", "/proc", "proc", 0, 0); + fp = fopen("/proc/filesystems", "r"); - if (!fp) - return 1; /* Fail as if it exists */ + if (!fp) { + exists = 1; /* Fail as if it exists */ + goto out; + } + __fsetlocking(fp, FSETLOCKING_BYCALLER); num = getline(&buf, &len, fp); @@ -76,6 +82,14 @@ int selinuxfs_exists(void) free(buf); fclose(fp); + +out: +#ifndef MNT_DETACH +#define MNT_DETACH 2 +#endif + if (mnt_rc == 0) + umount2("/proc", MNT_DETACH); + return exists; } hidden_def(selinuxfs_exists) From c4bd3964928d099d4857ca5229a3e1d7effa40fd Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 16 Apr 2015 07:50:25 -0400 Subject: [PATCH 03/11] Update libselinux ChangeLog. Signed-off-by: Stephen Smalley --- libselinux/ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/libselinux/ChangeLog b/libselinux/ChangeLog index b33b3db7..bde6d4cf 100644 --- a/libselinux/ChangeLog +++ b/libselinux/ChangeLog @@ -1,3 +1,4 @@ + * Mount procfs before checking /proc/filesystems, from Ben Shelton. * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach. * label_file: handle newlines in file names, from Nick Kralevich. * getcon.3: Fix setcon description, from Stephen Smalley. From c304a7d82e2627ddf1d52c7059cb5b5355465d65 Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 16 Apr 2015 07:53:29 -0400 Subject: [PATCH 04/11] Update libsepol ChangeLog. 
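Review bot: `selinuxfs_exists()` now calls `mount("proc", "/proc", "proc", 0, 0)` on every invocation, before it knows whether /proc/filesystems is already readable. For a privileged caller on a normally booted system that is an extra mount and lazy unmount of /proc per call, and under an enforcing policy a caller without mount permission would presumably log a denial for no benefit. Treating `mnt_rc == 0` as "proc was not mounted before" is also an inference from mount() succeeding, not a check. Opening the file first and mounting only when that fails keeps the early-boot fix without the side effect, and initialising `mnt_rc` to -1 ties the `umount2()` at `out:` (third hunk) to a mount this function actually made. The function body continues outside both hunks.

```c
	int exists = 0, mnt_rc = -1;	/* -1: this call mounted nothing */
	/* … unchanged: fp, buf, len, num declarations … */

	fp = fopen("/proc/filesystems", "r");
	if (!fp) {
		/* Early boot: /proc may be missing, so mount it only now. */
		mnt_rc = mount("proc", "/proc", "proc", 0, 0);
		if (mnt_rc == 0)
			fp = fopen("/proc/filesystems", "r");
	}
	if (!fp) {
		exists = 1; /* Fail as if it exists */
		goto out;
	}
	/* … unchanged: getline loop, free(buf), fclose(fp), out: cleanup … */
```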
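Review bot: The `#ifndef MNT_DETACH` / `#define MNT_DETACH 2` fallback sits inside the function body between the `out:` label and the `if`, which hides a file-wide macro in the middle of cleanup code; it would read better at file scope next to the includes, with a comment such as `/* Fallback for libc headers that lack MNT_DETACH. */`. The result of `umount2("/proc", MNT_DETACH)` is also discarded, so a failed detach leaves /proc mounted without any trace. If that is intended as best effort, a one-line comment saying so would help the next reader.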
Signed-off-by: Stephen Smalley --- libsepol/ChangeLog | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libsepol/ChangeLog b/libsepol/ChangeLog index 900ffd05..e1ee5642 100644 --- a/libsepol/ChangeLog +++ b/libsepol/ChangeLog @@ -1,4 +1,5 @@ - * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter + * Don't use symbol versioning for static object files, from Yuli Khodorkovskiy. + * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(), and sepol_ppfile_to_module_package(), from James Carter. * Move secilc out of libsepol, from Yuli Khodorkovskiy. * fix building Xen policy with devicetreecon, and add devicetreecon CIL documentation, from Richard Haines. From 39b5c1028c4d4fbec56273f1f56149b3274fa14d Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 15 Apr 2015 15:07:22 -0700 Subject: [PATCH 05/11] Add empty top level Android.mk / CleanSpec.mk files Needed to allow Android to keep building with a copy of the SELinux source code checked into external/selinux Bug: 19963152 Change-Id: I4e192bb6ca5d185e11540aca7253e729d92a00c1 --- Android.mk | 2 ++ CleanSpec.mk | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 Android.mk create mode 100644 CleanSpec.mk diff --git a/Android.mk b/Android.mk new file mode 100644 index 00000000..02f35a9c --- /dev/null +++ b/Android.mk @@ -0,0 +1,2 @@ +# This empty Android.mk file will prevent the build system +# from building anything below this point. diff --git a/CleanSpec.mk b/CleanSpec.mk new file mode 100644 index 00000000..1ac5a628 --- /dev/null +++ b/CleanSpec.mk @@ -0,0 +1,2 @@ +# This empty CleanSpec.mk file will prevent the build system +# from descending into subdirs. From 082f1d1274bac6fafa0d107f5780730eb9fb5172 Mon Sep 17 00:00:00 2001 
From: Stephen Smalley Date: Thu, 16 Apr 2015 08:18:57 -0400 Subject: [PATCH 06/11] libselinux: Remove deprecated mudflap option. The mudflap run time checker was removed in GCC 4.9. The option no longer does anything and triggers a warning from gcc 4.9 and later. Remove it. We might want to add -fsanitize=address to enable AddressSanitizer in its place, but that should be a separate change. Signed-off-by: Stephen Smalley --- libselinux/src/Makefile | 2 +- libselinux/utils/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 82cb6ede..ac25c1fa 100644 --- a/libselinux/src/Makefile +++ b/libselinux/src/Makefile @@ -59,7 +59,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \ -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \ -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \ - -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \ + -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \ -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \ -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \ -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \ diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile index f4699242..54995385 100644 --- a/libselinux/utils/Makefile +++ b/libselinux/utils/Makefile 
@@ -11,7 +11,7 @@ CFLAGS ?= -O -Wall -W -Wundef -Wformat-y2k -Wformat-security -Winit-self -Wmissi -Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes \ -Wmissing-declarations -Wmissing-noreturn -Wmissing-format-attribute \ -Wredundant-decls -Wnested-externs -Winline -Winvalid-pch -Wvolatile-register-var \ - -Wdisabled-optimization -Wbuiltin-macro-redefined -Wmudflap -Wpacked-bitfield-compat \ + -Wdisabled-optimization -Wbuiltin-macro-redefined -Wpacked-bitfield-compat \ -Wsync-nand -Wattributes -Wcoverage-mismatch -Wmultichar -Wcpp \ -Wdeprecated-declarations -Wdiv-by-zero -Wdouble-promotion -Wendif-labels -Wextra \ -Wformat-contains-nul -Wformat-extra-args -Wformat-zero-length -Wformat=2 -Wmultichar \ From 549912d22971303b76c0585ec03b80133c623acd Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Fri, 27 Mar 2015 16:13:34 -0400 Subject: [PATCH 07/11] org.selinux.policy: Require auth_admin_keep for all actions. Fedora permits obtaining local policy customizations and the list of policy modules without admin authentication, but we would prefer more conservative defaults upstream. Signed-off-by: Stephen Smalley --- policycoreutils/sepolicy/org.selinux.policy | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policycoreutils/sepolicy/org.selinux.policy b/policycoreutils/sepolicy/org.selinux.policy index 44ae6257..01266102 100644 --- a/policycoreutils/sepolicy/org.selinux.policy +++ b/policycoreutils/sepolicy/org.selinux.policy @@ -40,7 +40,7 @@ no no - yes + auth_admin_keep @@ -49,7 +49,7 @@ no no - yes + auth_admin_keep From 974f565415b595e7307b2f792af27a012d010edb Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 16 Apr 2015 09:51:31 -0400 Subject: [PATCH 08/11] Update libselinux ChangeLog. Signed-off-by: Stephen Smalley --- libselinux/ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/libselinux/ChangeLog b/libselinux/ChangeLog index bde6d4cf..e15b4bcf 100644 --- a/libselinux/ChangeLog +++ b/libselinux/ChangeLog 
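Review bot: `auth_admin_keep` is not the strictest polkit setting: it retains the administrator authorization for a short period, so a repeat request from the same subject is not re-prompted, whereas `auth_admin` asks every time. The element and action names were lost from this rendering of org.selinux.policy, so I am inferring from the `no no` context that the changed value is the active-session default of two actions. If per-request authentication is what the description means by more conservative defaults, `auth_admin` is the value to use. Otherwise a short XML comment next to the two actions, e.g. `<!-- auth_admin_keep: admin authorization is cached briefly, as for the other actions -->`, would record that the caching is deliberate.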
@@ -1,3 +1,4 @@
+ * Remove deprecated mudflap option, from Stephen Smalley.
 * Mount procfs before checking /proc/filesystems, from Ben Shelton.
 * Fix -Wformat errors with gcc-5.0.0, from Petr Lautrbach.
 * label_file: handle newlines in file names, from Nick Kralevich.
From b03543cdc04265503de7c96e4ef2d0b29c504d89 Mon Sep 17 00:00:00 2001
From: Stephen Smalley
Date: Thu, 16 Apr 2015 09:52:05 -0400
Subject: [PATCH 09/11] Update policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley
---
 policycoreutils/ChangeLog | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policycoreutils/ChangeLog b/policycoreutils/ChangeLog
index 7e451563..ab3c4e71 100644
--- a/policycoreutils/ChangeLog
+++ b/policycoreutils/ChangeLog
@@ -1,3 +1,4 @@
+ * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
 * hll: Move core functions of pp to libsepol, from James Carter
 * run_init: Use a ring buffer in open_init_pty, from Jason Zaman.
 * run_init: fix open_init_pty availability check, from Nicolas Iooss.
From 219eea83cea9336fc61ee6def5e114067e0c5040 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Thu, 16 Apr 2015 17:22:22 +0200
Subject: [PATCH 10/11] policycoreutils: setfiles/restorecon: fix -r/-R option
A spec file was incorrectly stored as rootpath when -r option was used Fixes: /sbin/setfiles: /tmp/install_root is not located in /etc/selinux/targeted/contexts/files/file_contexts
Signed-off-by: Petr Lautrbach
---
 policycoreutils/setfiles/setfiles.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/policycoreutils/setfiles/setfiles.c b/policycoreutils/setfiles/setfiles.c
index 86d3f283..9ac3ebd3 100644
--- a/policycoreutils/setfiles/setfiles.c
+++ b/policycoreutils/setfiles/setfiles.c
@@ -153,6 +153,9 @@ int main(int argc, char **argv) int recurse; /* Recursive descent. */ const char *base; int mass_relabel = 0, errors = 0; + const char *ropts = "e:f:hilno:pqrsvFRW0"; + const char *sopts = "c:de:f:hilno:pqr:svFR:W0"; + const char *opts; memset(&r_opts, 0, sizeof(r_opts)); @@ -196,6 +199,7 @@ int main(int argc, char **argv) r_opts.add_assoc = 1; r_opts.fts_flags = FTS_PHYSICAL | FTS_XDEV; ctx_validate = 1; + opts = sopts; } else { /* * restorecon: @@ -215,6 +219,7 @@ int main(int argc, char **argv) r_opts.add_assoc = 0; r_opts.fts_flags = FTS_PHYSICAL; ctx_validate = 0; + opts = ropts; /* restorecon only: silent exit if no SELinux. Allows unconditional execution by scripts. */ @@ -226,7 +231,7 @@ int main(int argc, char **argv) r_opts.nfile = exclude_non_seclabel_mounts(); /* Process any options. */ - while ((opt = getopt(argc, argv, "c:de:f:hilno:pqrsvFRW0")) > 0) { + while ((opt = getopt(argc, argv, opts)) > 0) { switch (opt) { case 'c': { @@ -315,18 +320,13 @@ int main(int argc, char **argv) recurse = 1; break; } - if (optind + 1 >= argc) { - fprintf(stderr, "usage: %s -r rootpath\n", - argv[0]); - exit(-1); - } if (NULL != r_opts.rootpath) { fprintf(stderr, "%s: only one -r can be specified\n", argv[0]); exit(-1); } - set_rootpath(argv[optind++]); + set_rootpath(optarg); break; case 's': use_input_file = 1; From 220151c0ef65306fdafbf3bc2d67ac41db70afaf Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Thu, 16 Apr 2015 11:41:46 -0400 Subject: [PATCH 11/11] Update policycoreutils ChangeLog. Signed-off-by: Stephen Smalley --- policycoreutils/ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/ChangeLog b/policycoreutils/ChangeLog index ab3c4e71..af46b6c8 100644 --- a/policycoreutils/ChangeLog +++ b/policycoreutils/ChangeLog 
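Review bot: The two option strings `ropts` and `sopts` in the first hunk differ only in `c:`, `d`, `r:` and `R:`, and nothing at the declaration says which program each belongs to or why `r`/`R` take an argument in one and not the other. A comment would make the intent checkable, e.g. `/* restorecon: -r/-R are recursion flags */` above `ropts` and `/* setfiles: -r/-R take the alternate root path */` above `sopts`; that reading is inferred from the `recurse = 1` and `set_rootpath(optarg)` lines in the last hunk. Since neither pointer is ever reassigned, `static const char ropts[]` / `sopts[]` would state that more directly. main() starts and ends outside these hunks.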
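Review bot: With the explicit `optind + 1 >= argc` check removed in the last hunk, a setfiles `-r` or `-R` given without a value is now reported by getopt() itself, which returns `?`; what happens next depends on the switch's `?`/default arm, which is outside this hunk, so it should be confirmed that it prints usage and exits rather than falling through. `set_rootpath(optarg)` then takes the string as given, and whether it is canonicalised or checked is not visible here. Separately, restorecon now rejects `-c` and `-d` at the getopt level because `ropts` omits them, so any restorecon-specific rejection inside `case 'c':` (and `case 'd':`, if present) becomes unreachable and could be dropped in a follow-up.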
@@ -1,3 +1,4 @@
+ * setfiles/restorecon: fix -r/-R option, from Petr Lautrbach.
 * org.selinux.policy: Require auth_admin_keep for all actions, from Stephen Smalley.
 * hll: Move core functions of pp to libsepol, from James Carter
 * run_init: Use a ring buffer in open_init_pty, from Jason Zaman.