Commit graph

1983 commits

Author SHA1 Message Date
Stephen Smalley
b97d959a6a Move policycoreutils/sepolgen-ifgen into python/audit2allow.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
50be5fcca4 Move sepolicy desktop and png files to gui.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
eeba5952df mcstrans: Add a relabel target.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:51 -05:00
Stephen Smalley
233fe333f8 mcstrans: Add .gitignore file
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
fe74095490 Build mcstrans.
We should build it by default or else it will bitrot.
But you can still omit it by overriding OPT_SUBDIRS.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
3dcdc46378 Make it easy to omit optional components.
Split optional components into their own overridable OPT_SUBDIRS
definition.  Then you can build without them via make OPT_SUBDIRS=
or specify a subset of them in that manner.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
c9c97d6e8b Move policycoreutils/semodule_{deps,expand,link} to semodule-utils.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
48dc232627 Move policycoreutils/{sepolicy,audit2allow,semanage,scripts/chcat*} and sepolgen to python.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
63e6dba9ca Move policycoreutils/sepolicy dbus service files to dbus.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
97bf196c89 Move policycoreutils/sandbox to sandbox.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
00be13634a Move policycoreutils/restorecond to restorecond.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
4cc808671a Move policycoreutils/mcstrans to mcstrans.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
2e4d0bc862 Move policycoreutils/gui to gui.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 11:19:50 -05:00
Stephen Smalley
d4387cd75f Updated libsepol ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 09:14:13 -05:00
Nicolas Iooss
02a7d77ef2 libsepol: make parsing symbol table headers more robust
When hll/pp loads a policy file which has been modified so that the
nprim field of one of its non-empty symbol table was changed to zero, it
crashes with a segmentation fault. A quick analysis leads to
"p->sym_val_to_name[i] = (char **)alloc(p->symtab[i].nprim, sizeof(char
*));" in policydb_index_others(), which is not executed when
p->symtab[i].nprim is zero even though there are items in
p->symtab[i].table.

Detect such an oddity in the policy file early to exit with a clean
error message.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-16 09:07:10 -05:00
Nicolas Iooss
0a32f3b169 libsepol: test for ebitmap_read() negative return value
While fuzzing hll/pp, the fuzzer (AFL) crafted a policy which triggered
the following message without making the policy loading fail (the
program crashed with a segmentation fault later):

    security: ebitmap: map size 192 does not match my size 64 (high bit
    was 0)

This is because ebitmap_read() returned -EINVAL and this value was
handled as a successful return value by scope_index_read() because it
was not -1.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-16 09:05:18 -05:00
Nicolas Iooss
784b43b2ae libsepol: replace an assert with an error message
When fuzzing hll/pp inputs, a policy module where the value of
scope->decl_ids_len has been modified to zero makes the program abort
(when it has been compiled without -DNDEBUG).

Change the behavior to report an error message instead. This eases
fuzzing functions like policydb_read().

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-16 09:03:45 -05:00
Stephen Smalley
a96184bcbb Updated libsepol ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-16 08:53:27 -05:00
William Roberts
be96f05182 libsepol: fix checkpolicy dontaudit compiler bug
The combining logic for dontaudit rules was wrong, causing
a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
rule.

This is a reimplementation of:
commit 6201bb5e25 ("libsepol:
fix checkpolicy dontaudit compiler bug")
that avoids the cumbersome pointer assignments on alloced.

Reported-by: Nick Kralevich <nnk@google.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2016-11-16 08:50:03 -05:00
William Roberts
5862ac5dfe Revert "libsepol: fix checkpolicy dontaudit compiler bug"
This reverts commit 6201bb5e25.
2016-11-16 08:46:21 -05:00
Stephen Smalley
d0c82f8fb9 Updated libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 17:28:49 -05:00
Nicolas Iooss
398266f95f libsemanage: use a macro prefixed with SEMANAGE to protect dso.h
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 17:28:12 -05:00
Stephen Smalley
f60519edf6 Updated libsepol ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 17:25:14 -05:00
Stephen Smalley
7a4db1566a libsepol: cil_lexer: make warnings non-fatal for building
The flex skeleton often triggers compiler warnings; make these
non-fatal for building.  We already do likewise for checkpolicy.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 17:19:18 -05:00
Stephen Smalley
2ceadad8a3 Updated libselinux and libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:14:24 -05:00
Nicolas Iooss
79db6da87f libselinux, libsemanage: swig: use SWIG_fail when an error occurs
Using SWIG_fail in the Python SWIG wrappers makes the wrapping function
destroy/free the memory which could have been dynamically allocated
before calling the wrapped function. This thus prevents possible memory
leaks in the wrappers of set*con(), set*con_raw(), security_compute_*(),
etc.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:11:25 -05:00
Nicolas Iooss
db17f12273 libselinux,libsemanage: fall back to gcc in exception.sh
clang does not support -aux-info option. When exception.sh is run with
CC=clang, use gcc to build selinuxswig_python_exception.i and
semanageswig_python_exception.i.

This does not solve the issue of building libselinux and libsemanage
Python wrappers on a system without gcc. However parsing the result of
"gcc -aux-info" is easier than parsing the header files so stay with
this command at least for now.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:10:57 -05:00
Stephen Smalley
f1db7b75e0 Updated secilc ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:10:21 -05:00
Nicolas Iooss
672f96f012 secilc: do not build secilc man page if it is up to date
When running "make all" several times in the root directory of the
project, the following lines always appear (and the command takes some
seconds to complete on my system with a slow hard drive):

    xmlto man secilc.8.xml
    Note: Writing secilc.8

This is because "make man" always builds secilc.8 even though
secilc.8.xml has not been modified. Introduce an intermediate target to
avoid this behavior.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:08:50 -05:00
Stephen Smalley
2c1ae0f029 Updated libselinux and libsemanage ChangeLogs
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 11:07:20 -05:00
Nicolas Iooss
bb98da0948 libselinux,libsemanage: link Python wrapper with Python
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Python wrapper module needs to be
linked with the right libpython.so. This library is found using
pkg-config in a new PYLIBS variable.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
ad3aa7f52f libsemanage: query for python site-packages dir directly
Use the python interpreter to find the install directory, like commit
8162f10e67 ("libselinux: query for python site-packages dir directly")
did for libselinux.

While at it, do not install semanage.py (generated by SWIG) with
executable permission bits.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
f5b9bc2a06 libselinux,libsemanage: link Ruby wrapper with -lruby
When linking with -Wl,-no-undefined in LDFLAGS (in order to find
possible link-time errors), the Ruby wrapper module needs to be linked
with the libruby.so which is used by $(RUBY). Introduce a new RUBYLIBS
variable to find this library.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Nicolas Iooss
22e3ad6633 libselinux,libsemanage: use Ruby to define RUBYINC
This makes building libselinux and libsemanage  more robust on systems
with several versions of Ruby installed: when building, only RUBY needs
to be set, without wondering about PKG_CONFIG_PATH or other environment
variables.

Using RbConfig::CONFIG["rubyarchhdrdir"] only works with Ruby >= 2.0 but
since previous Ruby versions are retired since 2015-02-23 this should
not have any impact
(https://www.ruby-lang.org/en/news/2015/02/23/support-for-ruby-1-9-3-has-ended/).

While at it, in libsemanage, use RbConfig::CONFIG["vendorarchdir"] to
install the Ruby extension, like commit 1cd80faa53 ("libselinux:
versioned ruby pkg-config and query vendorarchdir properly") did for
libselinux.

My main motivation with this patch is to make the build configuration
easier to define on Travis-CI or other continuous integration platforms.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-15 11:04:00 -05:00
Stephen Smalley
df3ba03b9f Updated policycoreutils ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 10:56:24 -05:00
Laurent Bigonville
917f398d7c policycoreutils: Use GObject introspection binding instead of python-gobject in selinux_server.py
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-11-15 10:54:18 -05:00
Laurent Bigonville
1270be188a policycoreutils: Force GTK3.0 for sepolicy gui
This removes the following warning when running sepolicy gui command:

/usr/lib/python3/dist-packages/sepolicy/gui.py:29: PyGIWarning: Gtk was imported without specifying a version first. Use gi.require_version('Gtk', '3.0') before import to ensure that the right version gets loaded.

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-11-15 10:54:13 -05:00
Stephen Smalley
0339318a26 Updated libsepol ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-15 10:49:13 -05:00
dcashman
4750ec2ed5 libsepol: cil: remove double-free.
Test: Untested patch.
Bug: https://code.google.com/p/android/issues/detail?id=226519
Change-Id: Icaf992ba1487098f2c4f16ac1017012f611281e9
Signed-off-by: Daniel Cashman <dcashman@android.com>
2016-11-15 10:48:26 -05:00
Stephen Smalley
e0882cdbed Updated libsemanage ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:15:28 -05:00
Nicolas Iooss
b372170058 libsemanage: semanage_seuser_key_create: copy name
When removing a login using semanage with Python 3 the following error
occurs:

    # semanage login -l | grep my_user
    my_user                   user_u

    # semanage login --delete my_user
    ValueError: Login mapping for my_user is not defined

This is due to a use-after-free in the swig-generated code for python3
bindings.

Copy the user name in semanage_seuser_key_create() and free it in
semanage_seuser_key_free(), like commit eac6f1f1b5 ("libsepol:
sepol_{bool|iface|user}_key_create: copy name") did.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2016-11-14 13:14:33 -05:00
Stephen Smalley
bfe9360ca5 Updated libselinux ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:11:28 -05:00
Stephen Smalley
bbc930c756 libselinux: fix subdir build and usage of cmdline CFLAGS
commit 16c123f4b1 ("libselinux:
support ANDROID_HOST=1 on Mac") broke the ability to run make
in the src subdirectory of libselinux (because OS and COMPILER
were not defined) and also caused some warning flags that could
be overridden via command-line CFLAGS to be mandatory.  Fix it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 13:10:51 -05:00
Stephen Smalley
a0149f6f4f Updated libsepol ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 12:45:57 -05:00
Stephen Smalley
6201bb5e25 libsepol: fix checkpolicy dontaudit compiler bug
The combining logic for dontaudit rules was wrong, causing
a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
rule.

Reported-by: Nick Kralevich <nnk@google.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-14 12:43:32 -05:00
Stephen Smalley
30ef8d0993 Updated libsepol ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-08 10:53:42 -05:00
Stephen Smalley
eac6f1f1b5 libsepol: sepol_{bool|iface|user}_key_create: copy name
The sepol_{bool|iface|user}_key_create() functions were not
copying the name.  This produces a use-after-free in the
swig-generated code for python3 bindings.  Copy the name
in these functions, and free it upon sepol_{bool|iface|user}_key_free().

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-08 10:46:14 -05:00
Stephen Smalley
5e911ee825 Updated policycoreutils ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-08 10:34:47 -05:00
Laurent Bigonville
2d7ca0b862 policycoreutils: Make sepolicy work with python3
Add python3 support for sepolicy

Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2016-11-08 10:34:08 -05:00
Stephen Smalley
71ee7217d7 Updated policycoreutils ChangeLog
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2016-11-08 10:07:45 -05:00