The context file locations are represented using a 2-dimension array of
paths. Use a struct to simplify the syntax.
Bug: 234313751
Test: m
Change-Id: Iaf62955d1c142f4210215cecbee427e91031516e
Commit bc26ddc59c ("libsepol/cil: Limit the amount of reporting for
context rule conflicts") reworked the processing of context rule
conflicts to limit the number of written conflicting statements to
increase readability of the printed error message. It forgot to set the
return value, signaling a context conflict, in the case the logging
level is higher than warning (e.g. in semodule(8), which defaults to
error).
Reported-by: Milos Malik <mmalik@redhat.com> [1]
Fixes: bc26ddc59c ("libsepol/cil: Limit the amount of reporting for context rule conflicts")
[1]: https://lore.kernel.org/selinux/87y1u1rkoo.fsf@redhat.com/
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Support passing an optional object name to compute_create for name
based type transitions.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Provide a top level LICENSE file explaining how multiple the SELinux
userspace is released under multiple different licenses. Also ensure
that all the different license files share a consistent file name,
LICENSE, to make it easier for people to identify the license files.
This is to help meet the OpenSSF Best Practices requirements.
Signed-off-by: Paul Moore <paul@paul-moore.com>
This change will allow a user to set the location of their
sysconfdir, defaulted to /etc, if they are installing into
nonstandard locations.
Signed-off-by: Matt Sheets <masheets@linux.microsoft.com>
Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
This header file was used for all imports of android.c and
android_platform.c. Move the include directives to the source files
instead, to follow the include-what-you-use rule.
Bug: 234313751
Test: m
Change-Id: I362a722b2a3e7cd204772d8e37fa9b893184e1ce
A compilation option ANDROID_UNIT_TESTING is introduced to skip the
implicit search for /sys/fs/selinux when libselinux is first
initialized. The label functions of libselinux are used as-is (instead
of a mock or fake).
Expose the context_handle function internally so it may be called within
the unit tests.
Bug: 234313751
Test: atest --host libselinux_test
Change-Id: Ifd7f4857c959a6c7d397682ba9913dc1d1cea591
Currently, tagging a symbol with #apex (# systemapi or # llndk) is not
required when the symbol is in a non-NDK library. However, this is
considered dangerous because such a symbol will automatically be
promoted to NDK APIs when the library is promoted to an NDK library.
When that happens, the native API council won't be able to notice the
promotion because promoting a non-NDK library into an NDK library
doesn't require an update of the map.txt file, but Android.bp only.
To prevent that, we should mandate those tags for Mainline APIs
regardless of whether the library the API belongs to is an NDK library
or not.
Upcoming changes in build/soong will enforce this. This change is to
prepare for the enforcement.
Note that this is a build-time only change. There's no behavior change
at runtime.
Bug: 184712170
Test: m
Change-Id: I168fbdcf0a2a9b4e987a5410db941c0b4e4d9c35
Move sources files to the default libselinux rule so that other binaries
may reuse the same defaults (i.e., unittests). The majority of sources
can be compiled for the host.
Bug: 234313751
Test: local build for aosp_bramble-userdebug
Test: TH
Change-Id: I0b76bf79ceabd6096ab4ef03f0c8648d0636a310
Some time ago pandoc started shipping a default css file for html, while
that is nice, it limits the max-width of the body element to 36em. We
have a lot of tables, code examples, etc... in the manual that are too
big for that, requiring constant scrolling.
See https://github.com/jgm/pandoc/blob/master/data/templates/styles.html
for the default used.
While some styling, perhaps even dark/light mode support in the CSS
would be nice, I didn't manage to find a simple way to achieve this, so
for now just disable the CSS.
Expand the arguments for pandoc in the Makefile for better readability.
Signed-off-by: Jonathan Hettwer (bauen1) <j2468h@gmail.com>
It appears that a recent version of pandoc (or the library it uses)
changed where the lists are found in the XML or became more strict.
Move the lists to the right location in the document.
Signed-off-by: Jonathan Hettwer (bauen1) <j2468h@gmail.com>
Function `class_perm_node_init()` is called with `dest_perms` before it
is checked that its allocation succeeded. If the allocation fails, then
a NULL pointer is passed to `memset()` inside the
`class_perm_node_init()` function.
Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com>
CIL Reference Guide defines typetransition rule with double quotes
around object name, but those are not present in the format string.
This patch fixes this issue, so the CIL output produced by
sepol_kernel_policydb_to_cil() is in the correct format.
Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com>
Test .gitignore and make clean distclean
error: missing .gitignore entry for libselinux/src/selinux.egg-info/
error: missing .gitignore entry for python/sepolicy/sepolicy.egg-info/
Error: Process completed with exit code 1.
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/PKG-INFO
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/SOURCES.txt
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/dependency_links.txt
error: "make clean distclean" did not remove libselinux/src/selinux.egg-info/top_level.txt
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/PKG-INFO
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/SOURCES.txt
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/dependency_links.txt
error: "make clean distclean" did not remove python/sepolicy/sepolicy.egg-info/top_level.txt
Error: Process completed with exit code 1.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Clang 15 starts to complain about non strict function definitions:
user.c:172:10: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
int start() {
^
void
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
Acked-by: James Carter <jwcart2@gmail.com>
Clang 15 starts to complain about non strict function definitions:
policy_define.c:4907:30: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
int define_devicetree_context()
^
void
policy_define.c:5298:29: error: a function declaration without a prototype is deprecated in all versions of C [-Werror,-Wstrict-prototypes]
int define_ipv4_node_context()
^
void
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Reviewed-by: Daniel Burgener <dburgener@linux.microsoft.com>
Acked-by: James Carter <jwcart2@gmail.com>
Refactor the ebitmap conversions in link.c into its own function.
Do not log an OOM message twice on type_set_or_convert() failure.
Drop the now unused state parameter from type_set_or_convert() and
type_set_convert().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Validate that
- each constraint has at least one expression
- classes reference a valid common class identifier
- the role flavor is either ROLE or ATTRIB
- types reference a valid primary identifier
- types refer to a raw type, not an attribute, as bounds
- extended permissions in avtabs have a valid specifier
- type av rules refer to a raw type (e.g. type_transition)
- conditionals have at least one expression
- the state and flags of conditionals are valid
- filename transitions have at least one datum
- low ports are not bigger than high ones in port ocontexts
- genfs declarations refer to a valid class identifier
- genfs declarations contains a filesystem name
- filename transitions refer to a raw type
- permissive types are raw ones
- the range transition hashmap is valid
- the type-attribute-maps are valid
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Do not use `bool` as a parameter name, for future C version support.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
The actual policy should not be modified during validation, thus use
const pointers.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
The access vector table itself is not modified in avtab_map() thus
support passing a const pointer.
Logically the content might be changed by the passed callback, but C
does not support transitive const-ness well, and C also does not support
function overloading, e.g. like for strchr(3).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Most global functions operating on a policy database use policydb as
prefix.
Since this function is not exported there should not be any external
use.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
The three members of struct ebitmap_node are all unconditionally
initialized. Hinder compilers to optimize malloc() and memset() into
calloc(), which might be slightly slower. Especially affects
ebitmap_or().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Iterate on nodes instead of single bits to save node resolution for each
single bit.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Iterate on nodes instead of single bits to save node resolution for each
single bit.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Iterate on nodes instead of single bits to save node resolution for each
single bit.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Especially in the case of __cil_permissionx_expr_range_to_bitmap_helper()
it substitutes hundreds of thousand of calls to ebitmap_set_bit() during
semodule(8) on a policy widely using extended permissions.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Add an initializer for ebitmaps that sets all bits in a given range to
save node traversals for each bit to set, compared to calling
ebitmap_init() followed by iterating ebitmap_set_bit().
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
