Unconditionally check the magic number before BZ2_bzReadOpen()
instead of only when bzip_blocksize=0, since it falls through.
That way if the file is not compressed it will return immediately
and map_file can mmap it. If the file is compressed then it will
go through the BZ2 functions and any errors will be reported correctly.
This fixes 0afd5de5c1 so that a bz2 error
isn't reported when a uncompressed pp is installed successfully.
Signed-off-by: Thomas Hurd <thurd@tresys.com>
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
This expands IOMEMCON device context entries to 64 bits. This change is
required to support static I/O memory range labeling for systems with
over 16TB of physical address space. The policy version number change
is shared with the next patch.
While this makes no changes to SELinux policy, a new SELinux policy
compatibility entry was added in order to avoid breaking compilation of
an SELinux policy without explicitly specifying the policy version.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
There's no guaranty that last item in "char fname[]" will be a null character.
Fixes segfault on some systems:
Test: semanage_nc_sort ...passedtest_semanage_findval: : Invalid argument
libsemanage-tests: TestRun.c:160: CU_assertImplementation: Assertion `((void *)0) != f_pCurTest' failed.
make[1]: *** [test] Aborted (core dumped)
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Fixes two types of errors which appear when building with gcc-5.0.0
- format ‘%d’ expects argument of type ‘int’, but argument X has type ‘unsigned int’
- format ‘%a’ expects argument of type ‘float *’, but argument X has type ‘char **’
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
When the FILESYSTEM token was added to support filesystem names that
start with a digit (e.g. 9p), it was given higher precedence than
NUMBER and therefore all values specified in hex (with 0x prefix)
in policy will incorrectly match FILESYSTEM and yield a syntax error.
This breaks use of iomem ranges in Xen policy and will break ioctl
command ranges in a future SELinux policy version. Switch the
precedence. This does mean that you cannot currently have a filesystem
with a name that happens to be 0x followed by a hexval but hopefully
that isn't an issue.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- Do not pass in the policydb where not necessary
- Tell CIL what policy version and target platform to use when building
the policydb
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
- No longer require the caller to create a sepol_policydb. CIL is now
responsible for that
- Since the user is no longer responsible for creating the policydb, two
functions are added to let CIL know how it should configure the
policydb, to set the policy version and the target platform
- Some functions, like cil_compile, do not need a policydb. Additionally
some functions, like cil_filecons_to_string use the policydb, but could
be rewritten to not require it. In these cases, remove the policydb
from the API, and rewrite functions so they don't depend on it. The
only function that uses a policydb is cil_build_policydb
- Add functions and symbolic versioning to maintain binary backwards
compatability. API backwards compatability is not maintained
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
- Free args as they are parsed and strdup args when neccessary. Memory used for
lex initialization is now freed using yylex_destroy().
- Add noyywrap option to flex. This is the correct way to make the scanner
not call yywrap upon an end of file. Before, we were overriding the
function and returning 1.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
This adds a 'remove-hll' option to semanage.conf. If set to 'true', all
HLL files will be removed from the SELinux store after successfully
buildling the SELinux modules. The default for this option is 'false'.
In order to delete already compiled HLL files, the modules need to be
recompiled with the ignore-module-cache option.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
Fixes segfault on systems with less than 256K stack size.
After change, I was able to run semodule -l with a 32K stack size.
Additionally, fix potential memory leak on realloc failure.
Signed-off-by: Thomas Hurd <thurd@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
Reformat secilc(8) man page for readability and correct url
Remove unused/obsolete info and correct portcon statement in the
Reference Guide.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
restorecon on file names with newlines are not handled properly.
Use PCRE_DOTALL so that dots in regular expressions match all
characters, and don't exclude the newline character.
See https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg02001.html
for background.
Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The man page description for setcon() was never updated for the
introduction of bounded transitions in Linux 2.6.28. Update it.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
If the level contains a category that is not associated with a sensitivity,
the code correctly detects the condition, but does not return an error.
Signed-off-by: Chris PeBenito <cpebenito@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
28ad56e Store file paths in the string pool
da42c28 Use the new fqn datum field for generated strings
5df35f5 Fix a typo in .gitignore that was not ignoring files in docs/
479051c Modify how blocks are copied into blockinherits
793d12d Fix memory leak in classpermissionset
e5bb941 Added several new test policies
d6f2710 Refactored the name resolution code
ba61ee8 Changed how datums are handled when destroying a tree.
36e6818 Reimplemented the code to fully qualify names.
43fa823 Fixed two bugs in cil_copy_ast.c
9ff6072 Small fix to cil_list_remove()
4eecdbe Changed how root node of the AST is initialized.
172b918 Cleanup unused symtab_datum from disabled optionals
06df2d2 Add policy binary and file_contexts to .gitignore
git-subtree-dir: libsepol/cil
git-subtree-split: 28ad56e90c9b923ddf4a186e772645b4c086b6cc
If SELinux is disabled, then selinux_current_policy_path() returns NULL.
At present, if you run audit2allow on a SELinux-disabled host without
the -p option, you get:
unable to open (null): Bad address
We haven't seen this because most people running audit2allow are doing
it on SELinux-enabled hosts and using the host policy. But for Android,
the build host OS often has SELinux disabled and we need to pass audit2allow
the path to the Android policy. Handle this case and provide a hint to
the user.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
s6_addr32 is not portable; use s6_addr instead.
Change-Id: I21c237588d3e7200cefa3af96065f657dae4b1e7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Enable building CIL as part of the host libsepol.
This will allow using it for host-side policy tools.
Omit it from the device libsepol used for the CTS for now,
unless/until such a time as we find it necessary there.
Also build secilc, the CIL compiler.
Change-Id: I2f04a720d9143a9c84fbab211511f76d82581b0b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Per the man page, pcre_study can return NULL without error if
it could not find any additional information. Errors are indicated
by the combination of a NULL return value and a non-NULL error string.
Fix the handling so that we do not incorrectly reject file_contexts
entries.
Change-Id: I2e7b7e01d85d96dd7fe78545d3ee3834281c4eba
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Allow the android property backend parser to accept the
SELABEL_OPT_VALIDATE option and to perform a validate
callback.
Extracted from the Android external/libselinux tree.
Change-Id: If061502c5e2489a1155798fac1d8357dbb8d13ba
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>
Move the SELinux enabled check to the once handler so that we do
not perform this on each call to selinux_check_access(). Reduces
overhead in both the SELinux-enabled and the SELinux-disabled cases.
Extracted from the Android external/libselinux tree.
Change-Id: I61fe85bc04fe53cbf840ba712c81bdb06e4e0c2f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
