Commit graph

345 commits

Author SHA1 Message Date
Stephen Smalley
50788b155d Update libselinux and policycoreutils ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-03-13 14:18:34 -04:00
Petr Lautrbach
417cb8d076 Fix -Wformat errors
Fixes two types of errors which appear when building with gcc-5.0.0

- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2015-03-13 14:14:23 -04:00
Stephen Smalley
ae44b7bb39 libselinux: sefcontext_compile: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 12:20:42 -05:00
Stephen Smalley
07ed7784cf Update libselinux ChangeLog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 10:50:56 -05:00
Nick Kralevich
716e3820c5 libselinux: label_file: handle newlines in file names
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.

See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.

Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-24 10:42:09 -05:00
Stephen Smalley
b2beb5304d Update libselinux Changelog.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 11:08:51 -05:00
Stephen Smalley
2d5ac1c931 libselinux: getcon.3: Fix setcon description.
The man page description for setcon() was never updated for the
introduction of bounded transitions in Linux 2.6.28.  Update it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-23 10:54:56 -05:00
Stephen Smalley
d8b2a0ab50 Update libselinux and policycoreutils ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:46:45 -05:00
Stephen Smalley
914e591c41 libselinux: fix audit2why error handling if SELinux is disabled.
If SELinux is disabled, then selinux_current_policy_path() returns NULL.
At present, if you run audit2allow on a SELinux-disabled host without
the -p option, you get:
unable to open (null):  Bad address

We haven't seen this because most people running audit2allow are doing
it on SELinux-enabled hosts and using the host policy.  But for Android,
the build host OS often has SELinux disabled and we need to pass audit2allow
the path to the Android policy.  Handle this case and provide a hint to
the user.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-13 10:15:34 -05:00
Stephen Smalley
54075fb3cd Update libselinux and libsepol ChangeLogs.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-03 11:25:41 -05:00
Stephen Smalley
1434267419 libselinux: pcre_study can return NULL without error.
Per the man page, pcre_study can return NULL without error if
it could not find any additional information.  Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.

Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-02 16:11:10 -05:00
Robert Craig
eb0ba200b5 libselinux: Adjustments to android property backend.
Allow the android property backend parser to accept the
SELABEL_OPT_VALIDATE option and to perform a validate
callback.

Extracted from the Android external/libselinux tree.

Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
2015-02-02 15:36:13 -05:00
Stephen Smalley
2fa21cc840 libselinux: Only check SELinux enabled status once in selinux_check_access().
Move the SELinux enabled check to the once handler so that we do
not perform this on each call to selinux_check_access().  Reduces
overhead in both the SELinux-enabled and the SELinux-disabled cases.

Extracted from the Android external/libselinux tree.

Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-02-02 14:09:06 -05:00
Steve Lawrence
f0c9966f88 Bump to final release 2015-02-02 09:38:10 -05:00
Steve Lawrence
823ebc8c6b Bump to release candidate 7 2014-12-03 10:06:26 -05:00
Steve Lawrence
07e75a9cc7 Bump to release candidate 6 2014-11-12 08:30:15 -05:00
Steve Lawrence
d1db56c52b Bump to release candidate 5 2014-10-29 11:01:03 -04:00
Steve Lawrence
71393a181d libselinux: libsepol: use ln --relative to create .so symlinks
The current build system assumes SHLIBDIR is ../../ relative to LIBDIR.
However, this isn't always the case. For example, Arch Linux sets both
LIBDIR and SHLIBDIR to /usr/lib, which results in broken symlinks.

Instead of making that assumption, create .so symlinks using ln
--relative so that the correct relative paths are used. Note that this
adds a dependency for the build system to use coretuils-8.16 or later.

Fixes #2

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-22 08:25:44 -04:00
Steve Lawrence
6280387034 Bump to release candidate 4 2014-10-06 15:03:24 -04:00
Steve Lawrence
ff5bbe6dcf Bump VERSION/ChangeLog for release candidate 3
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 10:16:34 -04:00
Nicolas Iooss
ae5de8ae69 libselinux: fix gcc -Wsign-compare warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:11 -04:00
Laurent Bigonville
1550132ede libselinux: man: Add missing manpage links to security_load_policy.3
Add the missing manpage link for selinux_init_load_policy(3) and
selinux_mkload_policy(3) to security_load_policy(3)

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753803

Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-09-02 08:31:15 -04:00
Steve Lawrence
213c3189d0 Bump versions for r2
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-27 11:47:04 -04:00
Steve Lawrence
8f9d3a7c95 Fix typos in ChangeLog and Versions 2014-08-26 14:20:48 -04:00
Steve Lawrence
79fd2d06ab Bump versions and update ChangeLog
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2014-08-26 09:48:54 -04:00
Dan Walsh
70b23853a8 libselinux: Compiled file context files and the original should have the same permissions
Currently the compiled file context files can end up with different
permissions then the original.  This can lead to non priv users
not being able to read the compiled versions.
2014-08-26 07:59:02 -04:00
Stephen Smalley
76913d8adb Deprecate use of flask.h and av_permissions.h.
Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:49:18 -04:00
Stephen Smalley
ac33098a80 Add pcre version string to the compiled file_contexts format.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-09 13:02:46 -04:00
Stephen Smalley
7bdc38ccb2 Log an error on unknown classes and permissions.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-07-08 14:03:39 -04:00
Artyom Smirnov
056efe85d6 Add db_exception and db_datatype support to label_db backend
Hi,

in https://github.com/TresysTechnology/refpolicy/pull/1 db_exception
and db_datatype were added to reference policy. This small patch
extends ability of label_db backend to work with these objects.

Regards.
2014-06-26 10:51:15 -04:00
Nicolas Iooss
78c9c97ab9 libselinux: fix typo in man page 2014-06-12 08:20:41 -04:00
Will Woods
241fac2728 selinux_init_load_policy: setenforce(0) if security_disable() fails
If you run selinux_init_load_policy() after a chroot/switch-root, it's
possible that your *previous* root loaded policy, but your *new* root
wants SELinux disabled.

We can't disable SELinux in this case, but we *do* need to make sure
it's permissive. Otherwise we may continue to enforce the old policy.

So, if seconfig = -1, but security_disable() fails, we set *enforce=0,
and then let the existing code handle the security_{get,set}enforce
stuff.

Once that's handled, exit with failure via "goto noload", as before.
2014-05-07 15:24:35 -04:00
Stephen Smalley
1e6482134b Bump version and update ChangeLog for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-05-06 13:30:27 -04:00
Stephen Smalley
35b3c259a7 2.3-rc1 (release candidate 1).
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-03-25 13:24:44 -04:00
Stephen Smalley
269b45c8bb Update libselinux/ChangeLog for next.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-19 16:12:55 -05:00
Stephen Smalley
9eb9c93275 Get rid of security_context_t and fix const declarations.
In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller.   Easiest fix is to replace them all with
const char *.  And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them.  typedef left to permit
building legacy users until such a time as all are updated.

This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>
2014-02-19 16:11:48 -05:00
Stephen Smalley
1cb368636b Updated libselinux/ChangeLog for next.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-01-06 14:07:18 -05:00
Guillem Jover
a2737333c7 libselinux: Refactor rpm_execcon() into a new setexecfilecon()
This new function allows a process to invoke helper programs with
a new execution context based on the filename, this is initially
intended for package managers so that they can easily execute
package scriptlets or maintainer scripts.

Base rpm_execcon() off this new function.

Signed-off-by: Guillem Jover <guillem@debian.org>
2014-01-06 14:06:03 -05:00
Stephen Smalley
2ba1541f21 Merge branch 'master' into next 2013-12-30 14:40:32 -05:00
Stephen Smalley
edc2e99687 libselinux 2.2.2 - userspace AVC per-domain permissive handling fix.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-30 14:39:59 -05:00
Stephen Smalley
dcd8167f77 Coding style fix for sizeof operator.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-30 14:38:11 -05:00
Stephen Smalley
85a42ec87d Fix a bug in the userspace AVC that broke per-domain permissive mode.
Failure to copy the entire av_decision structure, including the
flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE
flag and thus cause per-domain permissive to not be honored for userspace
permission checks.

Also ensure that we clear the entire structure.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-12-30 14:36:19 -05:00
Colin Walters
d24fb6834d selinux_set_mapping: Document it
This patch may not actually be useful since there's a man page.
2013-11-07 15:43:54 -05:00
Stephen Smalley
27238433ad Bump libselinux version to 2.2.1 for pkg-config fix.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 14:56:30 -05:00
Stephen Smalley
7e7916932b Remove -lpthread from pkg-config file.
libselinux uses weak bindings to pthread functions and will fall
back to non-threaded implementations if the caller is not linked
with libpthread.  Avoid requiring all users of libselinux to
link with libpthread.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-11-06 14:55:23 -05:00
Stephen Smalley
7c4bb77999 Version bump for release.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:45:19 -04:00
Stephen Smalley
8e5d465335 Update ChangeLog files.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-30 12:42:05 -04:00
Laurent Bigonville
9792099fd7 Properly build the swig exception file even if the headers are missing
During build if the headers are not installed in the system path, the
generated swig exception (.i) file might be empty.
2013-10-30 12:19:02 -04:00
Dan Walsh
6d0f111421 Change audit2why to return constraint information on denial.
This patch uses Richard Haines fixes in libsepol to help identify which
constraint is blocking access.  The end goal is helping policy writers
and administrators to diagnose issues with their policy.
2013-10-29 08:49:51 -04:00
Stephen Smalley
8b114a3bf2 Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.
If we get an EINVAL from security_compute_av* (indicates an invalid
source or target security context, likely due to a policy reload that
removed one or the other) and we are in permissive mode, then handle it
like any other permission denial, i.e. log but do not deny it.

Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2013-10-28 16:52:50 -04:00