Commit graph

2392 commits

Author SHA1 Message Date
Nicolas Iooss
20db6a5a73
python/sepolgen: silence linter warning about has_key
flake8 warns about using has_key():

    python/sepolgen/src/sepolgen/refparser.py:315:15: W601 .has_key() is
    deprecated, use 'in'

However "spt.has_key(id)" uses function SupportMacros.has_key(), which
is not the same as the "in" operator. Silence this warning by using "#
noqa".

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:09 +02:00
Nicolas Iooss
3d3c51d607
python/sepolgen: fix refpolicy parsing of "permissive"
p_permissive() uses an undefined variable t, which is buggy. In order to
ignore permissive statements, the function only needs to "pass".

flake8 reported the following error:

    python/sepolgen/src/sepolgen/refparser.py:789:5: F821 undefined name 't'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
495c4c894a
python/sepolicy: use lowercase variable name
SELinuxGui.files_initial_data_insert() uses both "seLinux_label" and
"selinux_label", which leads to using an undefined variable, as reported
by flake8:

    python/sepolicy/sepolicy/gui.py:1191:42: F821 undefined name 'selinux_label'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
1fb0c7790c
python/sepolicy: drop unused CheckPolicyType
CheckPolicyType class is not used in sepolicy and has been written from
an buggy copy-paste: "newval.append(v)" does not make any sense in
CheckPolicyType.__call__, as reported by flake8:

    python/sepolicy/sepolicy.py:190:13: F821 undefined name 'newval'
    python/sepolicy/sepolicy.py:190:27: F821 undefined name 'v'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
a0c167ed22
python/sepolgen: return NotImplemented instead of raising it
sepolgen uses "return NotImplemented" (in access.py and matching.py) in
order to make Python's sorting function use an other call to compare
objects. For this to work, "NotImplemented" needs to be returned, not
raised like _compare's default implementation does.

This issue has been found using flake8. This Python linter reported:

    python/sepolgen/src/sepolgen/util.py:128:9: F901 'raise
    NotImplemented' should be 'raise NotImplementedError'

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:08 +02:00
Nicolas Iooss
03c708d28d
python/sepolgen: do not import twice the modules
util.py starts by importing "locale" and "sys", so there is no need to
import these modules again in the functions.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:07 +02:00
Nicolas Iooss
646bdeb939
libselinux: fix flake8 warnings in SWIG-generated code
flake8, a Python linter, complains:

    libselinux/src/selinux.py💯1: F401 'errno' imported but unused
    libselinux/src/selinux.py💯1: F401 'stat' imported but unused
    libselinux/src/selinux.py💯14: E401 multiple imports on one line
    libselinux/src/selinux.py:130:16: E111 indentation is not a multiple of four
    libselinux/src/selinux.py:130:45: E231 missing whitespace after ','

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-15 22:12:07 +02:00
Nicolas Iooss
f6e7613bd3
python/semanage: fix Python syntax of catching several exceptions
"except OSError, ImportError:" does not perform what it says: it is the
Python 2 syntax of catching OSError exceptions as "ImportError" (like
"except OSError, e:"), and this is indeed caught by Python3:

      File "./python/semanage/seobject.py", line 143
        except OSError, ImportError:
                      ^
    SyntaxError: invalid syntax

The correct syntax consists in using parentheses.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-08-06 22:06:48 +02:00
Vit Mojzis
b12e246739 python/semanage: Replace bare except with specific one
The corresponding except clause should only be used for
exceptions caused by audit module error or unavailability.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-07-14 18:00:25 +02:00
Vit Mojzis
cf8eed5431 python/semanage: Fix logger class definition
Test if audit module is enabled so that logger class is defined
correctly.

Fixes:
"semanage fcontext -l" fails with "OSError: Protocol not supported" when
booting with audit=0

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-07-14 17:59:56 +02:00
Nicolas Iooss
d0ca433e21
mcstrans: fix memory leaks reported by clang's static analyzer
There are many memory leaks in mcstrans. Clean them up in order to
reduce the noise in clang's static analyzer report. Some are remaining,
because they are more complex to fix.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:09:06 +02:00
Nicolas Iooss
f9a56ed765
Travis-CI: use new location of refpolicy repository
refpolicy moved from github.com/TresysTechnology to
github.com/SELinuxProject. It is still used in sepolgen tests (they
build modules using Makefile.devel and build.conf) so update the
location of the repository.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:08:57 +02:00
Nicolas Iooss
2b0fbebd50
restorecond: close the PID file if writing to it failed
write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
it fails to write the PID to it. Close the file before returning.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-07-04 22:08:27 +02:00
Yuri Chornoivan
f032946cf9 Fix minor typos
Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
2018-06-30 20:28:25 +02:00
Vit Mojzis
5e33a44c66 python/semanage: Stop logging loginRecords changes
semanage_seuser_modify_local and semanage_seuser_del_local already do
the logging.
Moreover, semanage log for loginRecords.__add was flawed since it
reported old-{seuser,role,range} of default user instead of None. This
was caused by selinux.getseuserbyname, which returns values for default
user when the specified username is not found.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1294663

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2018-06-26 09:53:16 -04:00
Jan Zarsky
42b4a44b74 python: add xperms support to audit2allow
Add support for extended permissions to audit2allow. Extend AuditParser
to parse the 'ioctlcmd' field in AVC message. Extend PolicyGenerator to
generate allowxperm rules. Add the '-x'/'--xperms' option to audit2allow
to turn on generating of extended permission AV rules.

AVCMessage parses the ioctlcmd field in AVC messages. AuditParser
converts the ioctlcmd values into generic representation of extended
permissions that is stored in access vectors.

Extended permissions are represented by operations (currently only
'ioctl') and values associated to the operations. Values (for example
'~{ 0x42 1234 23-34 }') are stored in the XpermSet class.

PolicyGenerator contains new method to turn on generating of xperms.
When turned on, for each access vector, standard AV rule and possibly
several xperm AV rules are generated. Xperm AV rules are represented by
the AVExtRule class.

With xperm generating turned off, PolicyGenerator provides comments
about extended permissions in certain situations. When the AVC message
contains the ioctlcmd field and the access would be allowed according to
the policy, PolicyGenerator warns about xperm rules being the possible
cause of the denial.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2018-06-16 10:36:14 +02:00
Jan Zarsky
474f9b08d4 python/sepolgen: fix access vector initialization
In access module, in AccessVector.__init__() method, when init_list is
not None, the access vector is initialized by from_list() method.
However, this method does not assign attributes self.audit_msgs,
self.type, and self.data. Fix this by assigning these attributes in
__init__() method.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2018-06-16 10:34:53 +02:00
Jan Zarsky
a98314d8c1 python/sepolgen: print all AV rules correctly
In refpolicy module, in AVRule.__rule_type_str() method, self.rule_type
was not checked for value self.NEVERALLOW so that string "neverallow"
was never returned. Fix this by checking all four possible values and
returning correct strings.

Signed-off-by: Jan Zarsky <jzarsky@redhat.com>
2018-06-16 10:34:53 +02:00
Nicolas Iooss
416900cb11 scripts: add a helper script to run clang's static analyzer
Using clang's static analyzer is as simple as running "scan-build make",
but in order to obtain clean and reproducible results, the build
environment has to be cleaned beforehand ("make clean distclean").

Moreover the project requires running "make install" before "make test"
in order to install the dependencies needed for the tests, and running
these tests with the newly-built libraries requires a specific
LD_LIBRARY_PATH. This new script takes care of setting up everything
which is needed.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:03:17 -04:00
Nicolas Iooss
45f0525b8e libsepol/cil: use a colon instead of a semicolon to report rc
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:03:04 -04:00
Nicolas Iooss
e303de242c libsepol/tests: fix use of unitialized variable
When write_binary_policy() fails to open the binary policy, it calls
sepol_handle_destroy(f.handle) but structure f has not been initialized
at this point. Use variable handle instead.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:02:42 -04:00
Nicolas Iooss
49a4963911 libsepol/tests: read_binary_policy() does not use f.handle
f.handle is never set in read_binary_policy() so there is no need to
call sepol_handle_destroy() on it. Moreover clang's static analyzer
warns about an uninitialized argument value in the first call.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-15 09:00:54 -04:00
Nicolas Iooss
819c605bfc policycoreutils/hll/pp: remove unused variable
pp's main() never set outfd to anything else than -1 so there is no
point in closing it.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Nicolas Iooss
b614069e66 policycoreutils/secon: free scon_trans before returning
disp_con() leaks scon_trans if it returns early.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Nicolas Iooss
0ed08c8ffe policycoreutils/secon: fix typo in comment
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Nicolas Iooss
91ef21e31f python/sepolgen: fix typo in PathChoooser name
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-06-06 15:56:45 -04:00
Laurent Bigonville
e3b9ecc51d restorecond: Fix consistancy of DESTDIR usage 2018-06-02 20:21:25 +02:00
Laurent Bigonville
ad83ab51c0 libselinux: fix the whatis line for the selinux_boolean_sub.3 manpage
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:07:49 +02:00
Laurent Bigonville
c6629b0db8 libselinux: Fix line wrapping in selabel_file.5
Fix line wrapping with limited to 80 columns

Fix lintian error:
W: selinux-utils: manpage-has-errors-from-man usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust line

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:07:49 +02:00
Laurent Bigonville
f42c3d4564 libselinux: Fix spelling errors in manpages
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:07:48 +02:00
Laurent Bigonville
3ef0fef845 secilc: Make the clean target call the clean target of docs/
Thanks to Russell Coker <russell@coker.com.au>

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899083

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2018-05-30 22:06:43 +02:00
Laurent Bigonville
c62fe252eb policycoreutils: Fix typo in newrole.1 manpage 2018-05-30 22:05:55 +02:00
Nicolas Iooss
a761a88aab
libsepol: destroy the copied va_list
va_copy()'s manpage [1] states:

    Each invocation of va_copy() must be matched by a corresponding
    invocation of va_end() in the same function.

create_str_helper() is using va_copy() without va_end(). Add the missing
call.

[1] https://linux.die.net/man/3/va_copy

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 22:00:17 +02:00
Nicolas Iooss
daa00b2899
checkpolicy: destroy the class datum if it fails to initialize
require_class() allocate memory for its variable "class_datum_t *datum"
and calls symtab_init(&datum->permissions, PERM_SYMTAB_SIZE). If this
second call fails, datum is not freed.

Fix this memory leak.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 22:00:13 +02:00
Nicolas Iooss
29636c5ddc
libsepol: remove unused variable
sepol_ppfile_to_module_package() does not use its variable "FILE *f =
NULL;" but to fclose() it. This variable has been unneeded since the
introduction of function ppfile_to_module_package() in commit
893851c0a1 ("policycoreutils: add a HLL compiler to convert policy
packages (.pp) to CIL").

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 22:00:10 +02:00
Nicolas Iooss
db921c0601
libsepol: do not call malloc with 0 byte
clang's static analyzer reports that ebitmap_to_names() can call
malloc(0) when the bitmap is empty. If malloc() returns NULL, this
triggers a misleading "Out of memory" error.

Work around this by treating empty bitmaps as appropriate.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 22:00:06 +02:00
Nicolas Iooss
1f8e748187
libsepol: remove some dead assignments
clang's static analyzer warns about dead assignments to local variables.
In module_to_cil.c, there are some which are quite straightforward to
review. Remove them.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 22:00:03 +02:00
Nicolas Iooss
2dc6406a30
libsepol: do not leak memory if list_prepend fails
When list_prepend() returns an error, it always means it failed to
allocate some memory and does not hold any reference to its argument
data. This argument needs to be freed by the caller in order to prevent
a memory leak.

While reviewing list_prepend() callers, I spend quite some time
understanding why typealiases_gather_map() does not need to strdup(key)
or free(key) when calling list_prepend(..., key) even though "key" comes
from pdb->p_types.table: because typealias_list_destroy() does not free
the inserted items. Add a comment to make this clearer in the code.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 21:59:59 +02:00
Nicolas Iooss
57e1ab328c
libsepol: cil: silence clang analyzer false positive
In cil_tree_print_expr(), "rc < 0" is equivalent to "rc != 0" but
clang's static analyzer does not know about this. Help it.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-30 21:59:52 +02:00
Stephen Smalley
a9f8a101fd Update VERSIONs to 2.8 for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-24 14:21:09 -04:00
Jason Zaman
b2d710d959 travis.yml: add ruby 2.5 to the test matrix
Ruby 2.5 is not installed by default, force reinstall with rvm

Signed-off-by: Jason Zaman <jason@perfinion.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2018-05-22 23:47:20 +08:00
Jason Zaman
f1735ebbec genhomedircon: sysconf can return -1 without failure
from getpwnam_r(3): "The call sysconf(_SC_GETPW_R_SIZE_MAX) returns
either -1, without changing errno, or an initial suggested size for buf.
(If this size is too small, the call fails with ERANGE, in which case
the caller can retry with a larger buffer.)"

The same can happen for _SC_GETGR_R_SIZE_MAX. 1024 appears to be a good
fallback but may need revisiting in the future.

This triggered an error on musl libc but could happen other places too.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-17 13:08:34 +08:00
Jason Zaman
178c552e46 restorecond: Musl compatibility for GLOB_BRACE and GLOB_TILDE
musl doesn't implement GLOB_BRACE and GLOB_TILDE, so simply don't use
them there. This affects restorecond -u but braces are not used in the
example configs. GLOB_TILDE is on the roadmap[1] for musl 1.1.21 so
restorecond -u should be fine soon.

[1]: https://wiki.musl-libc.org/roadmap.html

Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-17 13:08:34 +08:00
Luis Ressel
310470235a setfiles: Musl compatibility for GLOB_BRACE and GLOB_TILDE
musl doesn't implement GLOB_BRACE and GLOB_TILDE, so simply don't use
them there. This only affects "setfiles -f", which I don't expect many
people use, and it's undocumented anyway that it expands globs.

Signed-off-by: Luis Ressel <aranea@aixah.de>
Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-17 13:07:33 +08:00
Jason Zaman
ab0e27003e libselinux: enable linking to musl-fts
Musl libc does not include the fts(3) functions so need to link to the
musl-fts library
https://github.com/pullmoll/musl-fts

Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-17 13:07:33 +08:00
Jason Zaman
42f0376228 sestatus: include limits.h for PATH_MAX
compile fails on musl libc because it cant find PATH_MAX.

Signed-off-by: Jason Zaman <jason@perfinion.com>
2018-05-16 16:27:17 +08:00
Alan Jenkins
5ddfc0371a policycoreutils: fixfiles: failure to create /.autorelabel is fatal
Fix the following ambiguous output (from booting with init=/bin/sh):

    # /usr/sbin/fixfiles onboot
    /usr/sbin/fixfiles: line 313: /.autorelabel: Read-only file system
    /usr/sbin/fixfiles: line 317: /.autorelabel: Read-only file system
    System will relabel on next boot

System will not relabel on next boot if we couldn't create ./autorelabel

(In case anyone reading this description is still confused: To run
`fixfiles onboot` after booting with init=/bin/sh, you must first run
`mount / -oremount,rw`).
2018-05-15 13:51:04 -04:00
Stephen Smalley
20c9b4971e Update VERSION files to 2.8-rc3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-10 11:08:22 -04:00
Stephen Smalley
3ca8762efd libsepol: cil: prevent stack buffer overflow in cil_expr_to_string
Fix the test to prevent overflowing the stack buffer for
boolean expressions.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-09 11:22:46 -04:00
Stephen Smalley
84b19ae72e libsemanage: prevent string overflow on final paths
Verify that the final path does not exceed the size of the
buffer before copying.  This can only occur if an alternate
path for the policy root and/or the policy store root has been
specified and if the resulting path would exceed PATH_MAX. A
similar check is already applied by semanage_make_final().

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2018-05-08 10:24:00 -04:00