Menu
▾
▴
[Selinux-commits] SF.net SVN: selinux: [2029] tags
|
From: <mad...@us...> - 2006-09-13 15:14:09
|
Revision: 2029
http://svn.sourceforge.net/selinux/?rev=2029&view=rev
Author: madmethod
Date: 2006-09-13 08:14:00 -0700 (Wed, 13 Sep 2006)
Log Message:
-----------
tag for libselinux 1.30.28
Added Paths:
-----------
tags/libselinux_1_30_28/
tags/libselinux_1_30_28/libselinux/
tags/libselinux_1_30_28/libselinux/ChangeLog
tags/libselinux_1_30_28/libselinux/VERSION
tags/libselinux_1_30_28/libselinux/src/setrans_client.c
Removed Paths:
-------------
tags/libselinux_1_30_28/libselinux/ChangeLog
tags/libselinux_1_30_28/libselinux/VERSION
tags/libselinux_1_30_28/libselinux/src/setrans_client.c
Copied: tags/libselinux_1_30_28/libselinux (from rev 2026, trunk/libselinux)
Deleted: tags/libselinux_1_30_28/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2006-09-05 14:57:13 UTC (rev 2026)
+++ tags/libselinux_1_30_28/libselinux/ChangeLog 2006-09-13 15:14:00 UTC (rev 2029)
@@ -1,550 +0,0 @@
-1.30.27 2006-08-24
- * Merged patch to not log avc stats upon a reset from Steve Grubb.
- * Applied patch to revert compat_net setting upon policy load.
-
-1.30.26 2006-08-11
- * Merged file context homedir and local path functions from
- Chris PeBenito.
-
-1.30.25 2006-08-11
- * Rework functions that access /proc/pid/attr to access the
- per-thread nodes, and unify the code to simplify maintenance.
-
-1.30.24 2006-08-10
- * Merged return value fix for *getfilecon() from Dan Walsh.
-
-1.30.23 2006-08-10
- * Merged sockcreate interfaces from Eric Paris.
-
-1.30.22 2006-08-03
- * Merged no-tls-direct-seg-refs patch from Jeremy Katz.
-
-1.30.21 2006-08-03
- * Merged netfilter_contexts support patch from Chris PeBenito.
-
-1.30.20 2006-08-01
- * Merged context_*_set errno patch from Jim Meyering.
-
-1.30.19 2006-06-29
- * Lindent.
-
-1.30.18 2006-06-27
- * Merged {get,set}procattrcon patch set from Eric Paris.
- * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
-
-1.30.17 2006-06-27
- * Regenerated Flask headers from refpolicy.
-
-1.30.16 2006-06-26
- * Merged patch from Dan Walsh with:
- - Added selinux_file_context_{cmp,verify}.
- - Added selinux_lsetfilecon_default.
- - Delay translation of contexts in matchpathcon.
-
-1.30.15 2006-06-16
- * Merged patch from Dan Walsh with:
- * Added selinux_getpolicytype() function.
- * Modified setrans code to skip processing if !mls_enabled.
-
-1.30.14 2006-06-16
- * Set errno in the !selinux_mnt case.
-
-1.30.13 2006-06-02
- * Allocate large buffers from the heap, not on stack.
- Affects is_context_customizable, selinux_init_load_policy,
- and selinux_getenforcemode.
-
-1.30.12 2006-06-02
- * Merged !selinux_mnt checks from Ian Kent.
-
-1.30.11 2006-05-24
- * Merged matchmediacon and trans_to_raw_context fixes from
- Serge Hallyn.
-
-1.30.10 2006-05-22
- * Merged simple setrans client cache from Dan Walsh.
- Merged avcstat patch from Russell Coker.
-
-1.30.9 2006-05-22
- * Modified selinux_mkload_policy() to also set /selinux/compat_net
- appropriately for the loaded policy.
-
-1.30.8 2006-05-17
- * Added matchpathcon_fini() function to free memory allocated by
- matchpathcon_init().
-
-1.30.7 2006-05-16
- * Merged setrans client cleanup patch from Steve Grubb.
-
-1.30.6 2006-05-08
- * Merged getfscreatecon man page fix from Dan Walsh.
- * Updated booleans(8) man page to drop references to the old
- booleans file and to note that setsebool can be used to set
- the boot-time defaults via -P.
-
-1.30.5 2006-05-05
- * Merged fix warnings patch from Karl MacMillan.
-
-1.30.4 2006-05-05
- * Merged setrans client support from Dan Walsh.
- This removes use of libsetrans.
- * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
- * Merged swig typemap fixes from Glauber de Oliveira Costa.
-
-1.30.3 2006-04-12
- * Added distclean target to Makefile.
- * Regenerated swig files.
-
-1.30.2 2006-04-11
- * Changed matchpathcon_init to verify that the spec file is
- a regular file.
- * Merged python binding t_output_helper removal patch from Dan Walsh.
-
-1.30.1 2006-03-20
- * Merged Makefile PYLIBVER definition patch from Dan Walsh.
-
-1.30 2006-03-14
- * Updated version for release.
-
-1.29.8 2006-02-27
- * Altered rpm_execcon fallback logic for permissive mode to also
- handle case where /selinux/enforce is not available.
-
-1.29.7 2006-01-20
- * Merged install-pywrap Makefile patch from Joshua Brindle.
-
-1.29.6 2006-01-18
- * Merged pywrap Makefile patch from Dan Walsh.
-
-1.29.5 2006-01-11
- * Added getseuser test program.
-
-1.29.4 2006-01-06
- * Added format attribute to myprintf in matchpathcon.c and
- removed obsoleted rootlen variable in init_selinux_config().
-
-1.29.3 2006-01-04
- * Merged several fixes and improvements from Ulrich Drepper
- (Red Hat), including:
- - corrected use of getline
- - further calls to __fsetlocking for local files
- - use of strdupa and asprintf
- - proper handling of dirent in booleans code
- - use of -z relro
- - several other optimizations
- * Merged getpidcon python wrapper from Dan Walsh (Red Hat).
-
-1.29.2 2005-12-14
- * Merged call to finish_context_translations from Dan Walsh.
- This eliminates a memory leak from failing to release memory
- allocated by libsetrans.
-
-1.29.1 2005-12-08
- * Merged patch for swig interfaces from Dan Walsh.
-
-1.28 2005-12-07
- * Updated version for release.
-
-1.27.28 2005-12-01
- * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
- modified matchpathcon implementation to make context validation/
- canonicalization optional at matchpathcon_init time, deferring it
- to a successful matchpathcon by default unless the new flag is set
- by the caller.
-
-1.27.27 2005-12-01
- * Added matchpathcon_init_prefix() interface, and
- reworked matchpathcon implementation to support selective
- loading of file contexts entries based on prefix matching
- between the pathname regex stems and the specified path
- prefix (stem must be a prefix of the specified path prefix).
-
-1.27.26 2005-11-29
- * Merged getsebool patch from Dan Walsh.
-
-1.27.25 2005-11-29
- * Added -f file_contexts option to matchpathcon util.
- Fixed warning message in matchpathcon_init().
-
-1.27.24 2005-11-29
- * Merged Makefile python definitions patch from Dan Walsh.
-
-1.27.23 2005-11-28
- * Merged swigify patch from Dan Walsh.
-
-1.27.22 2005-11-15
- * Merged make failure in rpm_execcon non-fatal in permissive mode
- patch from Ivan Gyurdiev.
-
-1.27.21 2005-11-08
- * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
- and modified matchpathcon_init() to skip context translation
- if it is set by the caller.
-
-1.27.20 2005-11-07
- * Added security_canonicalize_context() interface and
- set_matchpathcon_canoncon() interface for obtaining
- canonical contexts. Changed matchpathcon internals
- to obtain canonical contexts by default. Provided
- fallback for kernels that lack extended selinuxfs context
- interface.
-
-1.27.19 2005-11-04
- * Merged seusers parser changes from Ivan Gyurdiev.
- * Merged setsebool to libsemanage patch from Ivan Gyurdiev.
- * Changed seusers parser to reject empty fields.
-
-1.27.18 2005-11-03
- * Merged seusers empty level handling patch from Jonathan Kim (TCS).
-
-1.27.17 2005-10-27
- * Changed default entry for seusers to use __default__ to avoid
- ambiguity with users named "default".
-
-1.27.16 2005-10-27
- * Fixed init_selinux_config() handling of missing /etc/selinux/config
- or missing SELINUXTYPE= definition.
- * Merged selinux_translations_path() patch from Dan Walsh.
-
-1.27.15 2005-10-25
- * Added hidden_proto/def for get_default_context_with_role.
-
-1.27.14 2005-10-25
- * Merged selinux_path() and selinux_homedir_context_path()
- functions from Joshua Brindle.
-
-1.27.13 2005-10-19
- * Merged fixes for make DESTDIR= builds from Joshua Brindle.
-
-1.27.12 2005-10-18
- * Merged get_default_context_with_rolelevel and man pages from
- Dan Walsh (Red Hat).
-
-1.27.11 2005-10-18
- * Updated call to sepol_policydb_to_image for sepol changes.
-
-1.27.10 2005-10-17
- * Changed getseuserbyname to ignore empty lines and to handle
- no matching entry in the same manner as no seusers file.
-
-1.27.9 2005-10-13
- * Changed selinux_mkload_policy to try downgrading the
- latest policy version available to the kernel-supported version.
-
-1.27.8 2005-10-11
- * Changed selinux_mkload_policy to fall back to the maximum
- policy version supported by libsepol if the kernel policy version
- falls outside of the supported range.
-
-1.27.7 2005-10-06
- * Changed getseuserbyname to fall back to the Linux username and
- NULL level if seusers config file doesn't exist unless
- REQUIRESEUSERS=1 is set in /etc/selinux/config.
- * Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
-
-1.27.6 2005-10-06
- * Added selinux_init_load_policy() function as an even higher level
- interface for the initial policy load by /sbin/init. This obsoletes
- the load_policy() function in the sysvinit-selinux.patch.
-
-1.27.5 2005-10-06
- * Added selinux_mkload_policy() function as a higher level interface
- for loading policy than the security_load_policy() interface.
-
-1.27.4 2005-10-05
- * Merged fix for matchpathcon (regcomp error checking) from Johan
- Fischer. Also added use of regerror to obtain the error string
- for inclusion in the error message.
-
-1.27.3 2005-10-03
- * Changed getseuserbyname to not require (and ignore if present)
- the MLS level in seusers.conf if MLS is disabled, setting *level
- to NULL in this case.
-
-1.27.2 2005-09-30
- * Merged getseuserbyname patch from Dan Walsh.
-
-1.27.1 2005-09-19
- * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
- This allows file_contexts with MLS fields to be processed on
- non-MLS-enabled systems with policies that are otherwise
- identical (e.g. same type definitions).
- * Merged get_ordered_context_list_with_level() function from
- Dan Walsh, and added get_default_context_with_level().
- This allows MLS level selection for users other than the
- default level.
-
-1.26 2005-09-06
- * Updated version for release.
-
-1.25.7 2005-09-01
- * Merged modified form of patch to avoid dlopen/dlclose by
- the static libselinux from Dan Walsh. Users of the static libselinux
- will not have any context translation by default.
-
-1.25.6 2005-08-31
- * Added public functions to export context translation to
- users of libselinux (selinux_trans_to_raw_context,
- selinux_raw_to_trans_context).
-
-1.25.5 2005-08-26
- * Remove special definition for context_range_set; use
- common code.
-
-1.25.4 2005-08-25
- * Hid translation-related symbols entirely and ensured that
- raw functions have hidden definitions for internal use.
- * Allowed setting NULL via context_set* functions.
- * Allowed whitespace in MLS component of context.
- * Changed rpm_execcon to use translated functions to workaround
- lack of MLS level on upgraded systems.
-
-1.25.3 2005-08-23
- * Merged context translation patch, originally by TCS,
- with modifications by Dan Walsh (Red Hat).
-
-1.25.2 2005-08-11
- * Merged several fixes for error handling paths in the
- AVC sidtab, matchpathcon, booleans, context, and get_context_list
- code from Serge Hallyn (IBM). Bugs found by Coverity.
-
-1.25.1 2005-08-10
- * Removed setupns; migrated to pam.
- * Merged patches to rename checkPasswdAccess() from Joshua Brindle.
- Original symbol is temporarily retained for compatibility until
- all callers are updated.
-
-1.24 2005-06-20
- * Updated version for release.
-
-1.23.12 2005-06-13
- * Merged security_setupns() from Chad Sellers.
-
-1.23.11 2005-05-19
- * Merged avcstat and selinux man page from Dan Walsh.
- * Changed security_load_booleans to process booleans.local
- even if booleans file doesn't exist.
-
-1.23.10 2005-04-29
- * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
-
-1.23.9 2005-04-26
- * Rewrote get_ordered_context_list and helpers, including
- changing logic to allow variable MLS fields.
-
-1.23.8 2005-04-25
- * Merged matchpathcon and man page patch from Dan Walsh.
-
-1.23.7 2005-04-12
- * Changed boolean functions to return -1 with errno ENOENT
- rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
- mounted).
-
-1.23.6 2005-04-08
- * Fixed bug in matchpathcon_filespec_destroy.
-
-1.23.5 2005-04-05
- * Fixed bug in rpm_execcon error handling path.
-
-1.23.4 2005-04-04
- * Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
- * Merged fix for getconlist utility from Andreas Steinmetz.
-
-1.23.3 2005-03-29
- * Merged security_set_boolean_list patch from Dan Walsh.
- This introduces booleans.local support for setsebool.
-
-1.23.2 2005-03-17
- * Merged destructors patch from Tomas Mraz.
-
-1.23.1 2005-03-16
- * Added set_matchpathcon_flags() function for setting flags
- controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
- means only process the base file_contexts file, not
- file_contexts.homedirs or file_contexts.local, and is for use by
- setfiles -c.
- * Updated matchpathcon.3 man page.
-
-1.22 2005-03-09
- * Updated version for release.
-
-1.21.13 2005-03-08
- * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
-
-1.21.12 2005-03-01
- * Changed matchpathcon_common to ignore any non-format bits in the mode.
-
-1.21.11 2005-02-22
- * Merged several fixes from Ulrich Drepper.
-
-1.21.10 2005-02-17
- * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
- * Added selinux_users_path() for path to directory containing
- system.users and local.users.
-
-1.21.9 2005-02-09
- * Changed relabel Makefile target to use restorecon.
-
-1.21.8 2005-02-07
- * Regenerated av_permissions.h.
-
-1.21.7 2005-02-01
- * Modified avc_dump_av to explicitly check for any permissions that
- cannot be mapped to string names and display them as a hex value.
-
-1.21.6 2005-01-31
- * Regenerated av_permissions.h.
-
-1.21.5 2005-01-28
- * Generalized matchpathcon internals, exported more interfaces,
- and moved additional code from setfiles into libselinux so that
- setfiles can directly use matchpathcon.
-
-1.21.4 2005-01-27
- * Prevent overflow of spec array in matchpathcon.
-
-1.21.3 2005-01-26
- * Fixed several uses of internal functions to avoid relocations.
- * Changed rpm_execcon to check is_selinux_enabled() and fallback to
- a regular execve if not enabled (or unable to determine due to a lack
- of /proc, e.g. chroot'd environment).
-
-
-1.21.2 2005-01-24
- * Merged minor fix for avcstat from Dan Walsh.
-
-1.21.1 2005-01-19
- * Merged patch from Dan Walsh, including:
- - new is_context_customizable function
- - changed matchpathcon to also use file_contexts.local if present
- - man page cleanups
-
-1.20 2005-01-04
- * Changed matchpathcon to return -1 with errno ENOENT for
- <<none>> entries, and also for an empty file_contexts configuration.
- * Removed some trivial utils that were not useful or redundant.
- * Changed BINDIR default to /usr/sbin to match change in Fedora.
- * Added security_compute_member.
- * Added man page for setcon.
- * Merged more man pages from Dan Walsh.
- * Merged avcstat from James Morris.
- * Merged build fix for mips from Manoj Srivastava.
- * Merged C++ support from John Ramsdell of MITRE.
- * Merged setcon() function from Darrel Goeddel of TCS.
- * Merged setsebool/togglesebool enhancement from Steve Grubb.
- * Merged cleanup patches from Steve Grubb.
-
-1.18 2004-11-01
- * Merged cleanup patches from Steve Grubb.
- * Added rpm_execcon.
- * Merged setenforce and removable context patch from Dan Walsh.
- * Merged build fix for alpha from Ulrich Drepper.
- * Removed copyright/license from selinux_netlink.h - definitions only.
- * Merged matchmediacon from Dan Walsh.
- * Regenerated headers for new nscd permissions.
- * Added get_default_context_with_role.
- * Added set_matchpathcon_printf.
- * Reworked av_inherit.h to allow easier re-use by kernel.
- * Changed avc_has_perm_noaudit to not fail on netlink errors.
- * Changed avc netlink code to check pid based on patch by Steve Grubb.
- * Merged second optimization patch from Ulrich Drepper.
- * Changed matchpathcon to skip invalid file_contexts entries.
- * Made string tables private to libselinux.
- * Merged strcat->stpcpy patch from Ulrich Drepper.
- * Merged matchpathcon man page from Dan Walsh.
- * Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
- * Autobind netlink socket.
- * Dropped compatibility code from security_compute_user.
- * Merged fix for context_range_set from Chad Hanson.
- * Merged allocation failure checking patch from Chad Hanson.
- * Merged avc netlink error message patch from Colin Walters.
-
-1.16 2004-08-19
- * Regenerated headers for nscd class.
- * Merged man pages from Dan Walsh.
- * Merged context_new bug fix for MLS ranges from Chad Hanson.
- * Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
- * Renamed change_bool and show_bools to setsebool and getsebool.
- * Merged security_load_booleans() function from Dan Walsh.
- * Added selinux_booleans_path() function.
- * Changed avc_init function prototype to use const.
- * Regenerated headers for crontab permission.
- * Added checkAccess from Dan Walsh.
- * Merged getenforce patch from Dan Walsh.
- * Regenerated headers for dbus classes.
-
-1.14 2004-06-16
- * Regenerated headers for fine-grained netlink classes.
- * Merged selinux_config bug fix from Dan Walsh.
- * Added userspace AVC man pages.
- * Added man links for API calls to existing man pages documenting them.
- * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
- * Merged patch to determine config file paths at runtime to support
- reorganized layout.
- * Regenerated flask headers with stable ordering.
- * Merged patch for man pages from Russell Coker.
-
-1.12 2004-05-10
- * Updated flask files to include new SE-X security classes.
- * Added security_disable function for runtime disable of SELinux prior
- to initial policy load (for /sbin/init).
- * Changed get_ordered_context_list to omit any reachable contexts
- that are not explicitly listed in default_contexts, unless there
- are no matches.
- * Merged man pages from Russell Coker and Dan Walsh.
- * Merged memory leak fixes from Dan Walsh.
- * Merged policyvers errno patch from Chris PeBenito.
-
-1.10 2004-04-05
- * Merged getenforce patch from Dan Walsh.
- * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
- the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
- Based on a patch by Russell Coker.
- * Merged matchpathcon buffer size fix from Dan Walsh.
-
-1.8 2004-03-09
- * Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
- * Added matchpathcon function.
- * Updated userspace AVC to handle netlink selinux notifications.
-
-1.6 2004-02-18
- * Merged conditional policy extensions from Tresys Technology.
- * Added userspace avc and SID table implementation.
- * Fixed type on size in getpeercon per Thorsten Kukuk's advice.
- * Fixed use of getpwnam_r per Thorsten Kukuk's advice.
- * Changed to use getpwnam_r rather than getpwnam internally to
- avoid clobbering any existing pwd struct obtained by the caller.
- * Added getpeercon function to encapsulate getsockopt SO_PEERSEC
- and handle allocation ala getfilecon.
- * Changed is_selinux_enabled to return -1 on errors.
- * Changed to discover selinuxfs mount point via /proc/mounts
- so that the mount point can be changed without rebuilding.
-
-1.4 2003-12-01
- * Merged another cleanup patch from Bastian Blank and Joerg Hoh.
- * Regenerate headers for new permissions.
- * Merged static lib build patch from Bastian Blank and Joerg Hoh.
- * Export SELINUXMNT definition, add SELINUXPOLICY definition.
- * Add functions to provide access to enforce and policyvers.
- * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
- * Fixed type for 'size' in *getfilecon.
- * Dropped -lattr and changed #include's to <sys/xattr.h>
- * Merged patch to move shared library to /lib from Dan Walsh.
- * Changed get_ordered_context_list to support a failsafe context.
- * Added selinuxenabled utility.
- * Merged const patch from Thorsten Kukuk.
-
-1.2 2003-09-30
- * Change is_selinux_enabled to fail if policy isn't loaded.
- * Changed Makefiles to allow non-root rpm builds.
- * Added -lattr for libselinux.so to ensure proper binding.
-
-1.1 2003-08-13
- * Ensure that context strings are padded with a null byte
- in case the kernel didn't include one.
- * Regenerate headers, update helpers.c for code cleanup.
- * Pass soname flag to linker (Colin Walters).
- * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
-
-1.0 2003-07-11
- * Initial public release.
Copied: tags/libselinux_1_30_28/libselinux/ChangeLog (from rev 2028, trunk/libselinux/ChangeLog)
===================================================================
--- tags/libselinux_1_30_28/libselinux/ChangeLog (rev 0)
+++ tags/libselinux_1_30_28/libselinux/ChangeLog 2006-09-13 15:14:00 UTC (rev 2029)
@@ -0,0 +1,553 @@
+1.30.28 2006-09-13
+ * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
+
+1.30.27 2006-08-24
+ * Merged patch to not log avc stats upon a reset from Steve Grubb.
+ * Applied patch to revert compat_net setting upon policy load.
+
+1.30.26 2006-08-11
+ * Merged file context homedir and local path functions from
+ Chris PeBenito.
+
+1.30.25 2006-08-11
+ * Rework functions that access /proc/pid/attr to access the
+ per-thread nodes, and unify the code to simplify maintenance.
+
+1.30.24 2006-08-10
+ * Merged return value fix for *getfilecon() from Dan Walsh.
+
+1.30.23 2006-08-10
+ * Merged sockcreate interfaces from Eric Paris.
+
+1.30.22 2006-08-03
+ * Merged no-tls-direct-seg-refs patch from Jeremy Katz.
+
+1.30.21 2006-08-03
+ * Merged netfilter_contexts support patch from Chris PeBenito.
+
+1.30.20 2006-08-01
+ * Merged context_*_set errno patch from Jim Meyering.
+
+1.30.19 2006-06-29
+ * Lindent.
+
+1.30.18 2006-06-27
+ * Merged {get,set}procattrcon patch set from Eric Paris.
+ * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
+
+1.30.17 2006-06-27
+ * Regenerated Flask headers from refpolicy.
+
+1.30.16 2006-06-26
+ * Merged patch from Dan Walsh with:
+ - Added selinux_file_context_{cmp,verify}.
+ - Added selinux_lsetfilecon_default.
+ - Delay translation of contexts in matchpathcon.
+
+1.30.15 2006-06-16
+ * Merged patch from Dan Walsh with:
+ * Added selinux_getpolicytype() function.
+ * Modified setrans code to skip processing if !mls_enabled.
+
+1.30.14 2006-06-16
+ * Set errno in the !selinux_mnt case.
+
+1.30.13 2006-06-02
+ * Allocate large buffers from the heap, not on stack.
+ Affects is_context_customizable, selinux_init_load_policy,
+ and selinux_getenforcemode.
+
+1.30.12 2006-06-02
+ * Merged !selinux_mnt checks from Ian Kent.
+
+1.30.11 2006-05-24
+ * Merged matchmediacon and trans_to_raw_context fixes from
+ Serge Hallyn.
+
+1.30.10 2006-05-22
+ * Merged simple setrans client cache from Dan Walsh.
+ Merged avcstat patch from Russell Coker.
+
+1.30.9 2006-05-22
+ * Modified selinux_mkload_policy() to also set /selinux/compat_net
+ appropriately for the loaded policy.
+
+1.30.8 2006-05-17
+ * Added matchpathcon_fini() function to free memory allocated by
+ matchpathcon_init().
+
+1.30.7 2006-05-16
+ * Merged setrans client cleanup patch from Steve Grubb.
+
+1.30.6 2006-05-08
+ * Merged getfscreatecon man page fix from Dan Walsh.
+ * Updated booleans(8) man page to drop references to the old
+ booleans file and to note that setsebool can be used to set
+ the boot-time defaults via -P.
+
+1.30.5 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.4 2006-05-05
+ * Merged setrans client support from Dan Walsh.
+ This removes use of libsetrans.
+ * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
+ * Merged swig typemap fixes from Glauber de Oliveira Costa.
+
+1.30.3 2006-04-12
+ * Added distclean target to Makefile.
+ * Regenerated swig files.
+
+1.30.2 2006-04-11
+ * Changed matchpathcon_init to verify that the spec file is
+ a regular file.
+ * Merged python binding t_output_helper removal patch from Dan Walsh.
+
+1.30.1 2006-03-20
+ * Merged Makefile PYLIBVER definition patch from Dan Walsh.
+
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.8 2006-02-27
+ * Altered rpm_execcon fallback logic for permissive mode to also
+ handle case where /selinux/enforce is not available.
+
+1.29.7 2006-01-20
+ * Merged install-pywrap Makefile patch from Joshua Brindle.
+
+1.29.6 2006-01-18
+ * Merged pywrap Makefile patch from Dan Walsh.
+
+1.29.5 2006-01-11
+ * Added getseuser test program.
+
+1.29.4 2006-01-06
+ * Added format attribute to myprintf in matchpathcon.c and
+ removed obsoleted rootlen variable in init_selinux_config().
+
+1.29.3 2006-01-04
+ * Merged several fixes and improvements from Ulrich Drepper
+ (Red Hat), including:
+ - corrected use of getline
+ - further calls to __fsetlocking for local files
+ - use of strdupa and asprintf
+ - proper handling of dirent in booleans code
+ - use of -z relro
+ - several other optimizations
+ * Merged getpidcon python wrapper from Dan Walsh (Red Hat).
+
+1.29.2 2005-12-14
+ * Merged call to finish_context_translations from Dan Walsh.
+ This eliminates a memory leak from failing to release memory
+ allocated by libsetrans.
+
+1.29.1 2005-12-08
+ * Merged patch for swig interfaces from Dan Walsh.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.28 2005-12-01
+ * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
+ modified matchpathcon implementation to make context validation/
+ canonicalization optional at matchpathcon_init time, deferring it
+ to a successful matchpathcon by default unless the new flag is set
+ by the caller.
+
+1.27.27 2005-12-01
+ * Added matchpathcon_init_prefix() interface, and
+ reworked matchpathcon implementation to support selective
+ loading of file contexts entries based on prefix matching
+ between the pathname regex stems and the specified path
+ prefix (stem must be a prefix of the specified path prefix).
+
+1.27.26 2005-11-29
+ * Merged getsebool patch from Dan Walsh.
+
+1.27.25 2005-11-29
+ * Added -f file_contexts option to matchpathcon util.
+ Fixed warning message in matchpathcon_init().
+
+1.27.24 2005-11-29
+ * Merged Makefile python definitions patch from Dan Walsh.
+
+1.27.23 2005-11-28
+ * Merged swigify patch from Dan Walsh.
+
+1.27.22 2005-11-15
+ * Merged make failure in rpm_execcon non-fatal in permissive mode
+ patch from Ivan Gyurdiev.
+
+1.27.21 2005-11-08
+ * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
+ and modified matchpathcon_init() to skip context translation
+ if it is set by the caller.
+
+1.27.20 2005-11-07
+ * Added security_canonicalize_context() interface and
+ set_matchpathcon_canoncon() interface for obtaining
+ canonical contexts. Changed matchpathcon internals
+ to obtain canonical contexts by default. Provided
+ fallback for kernels that lack extended selinuxfs context
+ interface.
+
+1.27.19 2005-11-04
+ * Merged seusers parser changes from Ivan Gyurdiev.
+ * Merged setsebool to libsemanage patch from Ivan Gyurdiev.
+ * Changed seusers parser to reject empty fields.
+
+1.27.18 2005-11-03
+ * Merged seusers empty level handling patch from Jonathan Kim (TCS).
+
+1.27.17 2005-10-27
+ * Changed default entry for seusers to use __default__ to avoid
+ ambiguity with users named "default".
+
+1.27.16 2005-10-27
+ * Fixed init_selinux_config() handling of missing /etc/selinux/config
+ or missing SELINUXTYPE= definition.
+ * Merged selinux_translations_path() patch from Dan Walsh.
+
+1.27.15 2005-10-25
+ * Added hidden_proto/def for get_default_context_with_role.
+
+1.27.14 2005-10-25
+ * Merged selinux_path() and selinux_homedir_context_path()
+ functions from Joshua Brindle.
+
+1.27.13 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.27.12 2005-10-18
+ * Merged get_default_context_with_rolelevel and man pages from
+ Dan Walsh (Red Hat).
+
+1.27.11 2005-10-18
+ * Updated call to sepol_policydb_to_image for sepol changes.
+
+1.27.10 2005-10-17
+ * Changed getseuserbyname to ignore empty lines and to handle
+ no matching entry in the same manner as no seusers file.
+
+1.27.9 2005-10-13
+ * Changed selinux_mkload_policy to try downgrading the
+ latest policy version available to the kernel-supported version.
+
+1.27.8 2005-10-11
+ * Changed selinux_mkload_policy to fall back to the maximum
+ policy version supported by libsepol if the kernel policy version
+ falls outside of the supported range.
+
+1.27.7 2005-10-06
+ * Changed getseuserbyname to fall back to the Linux username and
+ NULL level if seusers config file doesn't exist unless
+ REQUIRESEUSERS=1 is set in /etc/selinux/config.
+ * Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
+
+1.27.6 2005-10-06
+ * Added selinux_init_load_policy() function as an even higher level
+ interface for the initial policy load by /sbin/init. This obsoletes
+ the load_policy() function in the sysvinit-selinux.patch.
+
+1.27.5 2005-10-06
+ * Added selinux_mkload_policy() function as a higher level interface
+ for loading policy than the security_load_policy() interface.
+
+1.27.4 2005-10-05
+ * Merged fix for matchpathcon (regcomp error checking) from Johan
+ Fischer. Also added use of regerror to obtain the error string
+ for inclusion in the error message.
+
+1.27.3 2005-10-03
+ * Changed getseuserbyname to not require (and ignore if present)
+ the MLS level in seusers.conf if MLS is disabled, setting *level
+ to NULL in this case.
+
+1.27.2 2005-09-30
+ * Merged getseuserbyname patch from Dan Walsh.
+
+1.27.1 2005-09-19
+ * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
+ This allows file_contexts with MLS fields to be processed on
+ non-MLS-enabled systems with policies that are otherwise
+ identical (e.g. same type definitions).
+ * Merged get_ordered_context_list_with_level() function from
+ Dan Walsh, and added get_default_context_with_level().
+ This allows MLS level selection for users other than the
+ default level.
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.7 2005-09-01
+ * Merged modified form of patch to avoid dlopen/dlclose by
+ the static libselinux from Dan Walsh. Users of the static libselinux
+ will not have any context translation by default.
+
+1.25.6 2005-08-31
+ * Added public functions to export context translation to
+ users of libselinux (selinux_trans_to_raw_context,
+ selinux_raw_to_trans_context).
+
+1.25.5 2005-08-26
+ * Remove special definition for context_range_set; use
+ common code.
+
+1.25.4 2005-08-25
+ * Hid translation-related symbols entirely and ensured that
+ raw functions have hidden definitions for internal use.
+ * Allowed setting NULL via context_set* functions.
+ * Allowed whitespace in MLS component of context.
+ * Changed rpm_execcon to use translated functions to workaround
+ lack of MLS level on upgraded systems.
+
+1.25.3 2005-08-23
+ * Merged context translation patch, originally by TCS,
+ with modifications by Dan Walsh (Red Hat).
+
+1.25.2 2005-08-11
+ * Merged several fixes for error handling paths in the
+ AVC sidtab, matchpathcon, booleans, context, and get_context_list
+ code from Serge Hallyn (IBM). Bugs found by Coverity.
+
+1.25.1 2005-08-10
+ * Removed setupns; migrated to pam.
+ * Merged patches to rename checkPasswdAccess() from Joshua Brindle.
+ Original symbol is temporarily retained for compatibility until
+ all callers are updated.
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.12 2005-06-13
+ * Merged security_setupns() from Chad Sellers.
+
+1.23.11 2005-05-19
+ * Merged avcstat and selinux man page from Dan Walsh.
+ * Changed security_load_booleans to process booleans.local
+ even if booleans file doesn't exist.
+
+1.23.10 2005-04-29
+ * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
+
+1.23.9 2005-04-26
+ * Rewrote get_ordered_context_list and helpers, including
+ changing logic to allow variable MLS fields.
+
+1.23.8 2005-04-25
+ * Merged matchpathcon and man page patch from Dan Walsh.
+
+1.23.7 2005-04-12
+ * Changed boolean functions to return -1 with errno ENOENT
+ rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
+ mounted).
+
+1.23.6 2005-04-08
+ * Fixed bug in matchpathcon_filespec_destroy.
+
+1.23.5 2005-04-05
+ * Fixed bug in rpm_execcon error handling path.
+
+1.23.4 2005-04-04
+ * Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
+ * Merged fix for getconlist utility from Andreas Steinmetz.
+
+1.23.3 2005-03-29
+ * Merged security_set_boolean_list patch from Dan Walsh.
+ This introduces booleans.local support for setsebool.
+
+1.23.2 2005-03-17
+ * Merged destructors patch from Tomas Mraz.
+
+1.23.1 2005-03-16
+ * Added set_matchpathcon_flags() function for setting flags
+ controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
+ means only process the base file_contexts file, not
+ file_contexts.homedirs or file_contexts.local, and is for use by
+ setfiles -c.
+ * Updated matchpathcon.3 man page.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.13 2005-03-08
+ * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
+
+1.21.12 2005-03-01
+ * Changed matchpathcon_common to ignore any non-format bits in the mode.
+
+1.21.11 2005-02-22
+ * Merged several fixes from Ulrich Drepper.
+
+1.21.10 2005-02-17
+ * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
+ * Added selinux_users_path() for path to directory containing
+ system.users and local.users.
+
+1.21.9 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.8 2005-02-07
+ * Regenerated av_permissions.h.
+
+1.21.7 2005-02-01
+ * Modified avc_dump_av to explicitly check for any permissions that
+ cannot be mapped to string names and display them as a hex value.
+
+1.21.6 2005-01-31
+ * Regenerated av_permissions.h.
+
+1.21.5 2005-01-28
+ * Generalized matchpathcon internals, exported more interfaces,
+ and moved additional code from setfiles into libselinux so that
+ setfiles can directly use matchpathcon.
+
+1.21.4 2005-01-27
+ * Prevent overflow of spec array in matchpathcon.
+
+1.21.3 2005-01-26
+ * Fixed several uses of internal functions to avoid relocations.
+ * Changed rpm_execcon to check is_selinux_enabled() and fallback to
+ a regular execve if not enabled (or unable to determine due to a lack
+ of /proc, e.g. chroot'd environment).
+
+
+1.21.2 2005-01-24
+ * Merged minor fix for avcstat from Dan Walsh.
+
+1.21.1 2005-01-19
+ * Merged patch from Dan Walsh, including:
+ - new is_context_customizable function
+ - changed matchpathcon to also use file_contexts.local if present
+ - man page cleanups
+
+1.20 2005-01-04
+ * Changed matchpathcon to return -1 with errno ENOENT for
+ <<none>> entries, and also for an empty file_contexts configuration.
+ * Removed some trivial utils that were not useful or redundant.
+ * Changed BINDIR default to /usr/sbin to match change in Fedora.
+ * Added security_compute_member.
+ * Added man page for setcon.
+ * Merged more man pages from Dan Walsh.
+ * Merged avcstat from James Morris.
+ * Merged build fix for mips from Manoj Srivastava.
+ * Merged C++ support from John Ramsdell of MITRE.
+ * Merged setcon() function from Darrel Goeddel of TCS.
+ * Merged setsebool/togglesebool enhancement from Steve Grubb.
+ * Merged cleanup patches from Steve Grubb.
+
+1.18 2004-11-01
+ * Merged cleanup patches from Steve Grubb.
+ * Added rpm_execcon.
+ * Merged setenforce and removable context patch from Dan Walsh.
+ * Merged build fix for alpha from Ulrich Drepper.
+ * Removed copyright/license from selinux_netlink.h - definitions only.
+ * Merged matchmediacon from Dan Walsh.
+ * Regenerated headers for new nscd permissions.
+ * Added get_default_context_with_role.
+ * Added set_matchpathcon_printf.
+ * Reworked av_inherit.h to allow easier re-use by kernel.
+ * Changed avc_has_perm_noaudit to not fail on netlink errors.
+ * Changed avc netlink code to check pid based on patch by Steve Grubb.
+ * Merged second optimization patch from Ulrich Drepper.
+ * Changed matchpathcon to skip invalid file_contexts entries.
+ * Made string tables private to libselinux.
+ * Merged strcat->stpcpy patch from Ulrich Drepper.
+ * Merged matchpathcon man page from Dan Walsh.
+ * Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
+ * Autobind netlink socket.
+ * Dropped compatibility code from security_compute_user.
+ * Merged fix for context_range_set from Chad Hanson.
+ * Merged allocation failure checking patch from Chad Hanson.
+ * Merged avc netlink error message patch from Colin Walters.
+
+1.16 2004-08-19
+ * Regenerated headers for nscd class.
+ * Merged man pages from Dan Walsh.
+ * Merged context_new bug fix for MLS ranges from Chad Hanson.
+ * Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
+ * Renamed change_bool and show_bools to setsebool and getsebool.
+ * Merged security_load_booleans() function from Dan Walsh.
+ * Added selinux_booleans_path() function.
+ * Changed avc_init function prototype to use const.
+ * Regenerated headers for crontab permission.
+ * Added checkAccess from Dan Walsh.
+ * Merged getenforce patch from Dan Walsh.
+ * Regenerated headers for dbus classes.
+
+1.14 2004-06-16
+ * Regenerated headers for fine-grained netlink classes.
+ * Merged selinux_config bug fix from Dan Walsh.
+ * Added userspace AVC man pages.
+ * Added man links for API calls to existing man pages documenting them.
+ * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
+ * Merged patch to determine config file paths at runtime to support
+ reorganized layout.
+ * Regenerated flask headers with stable ordering.
+ * Merged patch for man pages from Russell Coker.
+
+1.12 2004-05-10
+ * Updated flask files to include new SE-X security classes.
+ * Added security_disable function for runtime disable of SELinux prior
+ to initial policy load (for /sbin/init).
+ * Changed get_ordered_context_list to omit any reachable contexts
+ that are not explicitly listed in default_contexts, unless there
+ are no matches.
+ * Merged man pages from Russell Coker and Dan Walsh.
+ * Merged memory leak fixes from Dan Walsh.
+ * Merged policyvers errno patch from Chris PeBenito.
+
+1.10 2004-04-05
+ * Merged getenforce patch from Dan Walsh.
+ * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
+ the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
+ Based on a patch by Russell Coker.
+ * Merged matchpathcon buffer size fix from Dan Walsh.
+
+1.8 2004-03-09
+ * Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
+ * Added matchpathcon function.
+ * Updated userspace AVC to handle netlink selinux notifications.
+
+1.6 2004-02-18
+ * Merged conditional policy extensions from Tresys Technology.
+ * Added userspace avc and SID table implementation.
+ * Fixed type on size in getpeercon per Thorsten Kukuk's advice.
+ * Fixed use of getpwnam_r per Thorsten Kukuk's advice.
+ * Changed to use getpwnam_r rather than getpwnam internally to
+ avoid clobbering any existing pwd struct obtained by the caller.
+ * Added getpeercon function to encapsulate getsockopt SO_PEERSEC
+ and handle allocation ala getfilecon.
+ * Changed is_selinux_enabled to return -1 on errors.
+ * Changed to discover selinuxfs mount point via /proc/mounts
+ so that the mount point can be changed without rebuilding.
+
+1.4 2003-12-01
+ * Merged another cleanup patch from Bastian Blank and Joerg Hoh.
+ * Regenerate headers for new permissions.
+ * Merged static lib build patch from Bastian Blank and Joerg Hoh.
+ * Export SELINUXMNT definition, add SELINUXPOLICY definition.
+ * Add functions to provide access to enforce and policyvers.
+ * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
+ * Fixed type for 'size' in *getfilecon.
+ * Dropped -lattr and changed #include's to <sys/xattr.h>
+ * Merged patch to move shared library to /lib from Dan Walsh.
+ * Changed get_ordered_context_list to support a failsafe context.
+ * Added selinuxenabled utility.
+ * Merged const patch from Thorsten Kukuk.
+
+1.2 2003-09-30
+ * Change is_selinux_enabled to fail if policy isn't loaded.
+ * Changed Makefiles to allow non-root rpm builds.
+ * Added -lattr for libselinux.so to ensure proper binding.
+
+1.1 2003-08-13
+ * Ensure that context strings are padded with a null byte
+ in case the kernel didn't include one.
+ * Regenerate headers, update helpers.c for code cleanup.
+ * Pass soname flag to linker (Colin Walters).
+ * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
+
+1.0 2003-07-11
+ * Initial public release.
Deleted: tags/libselinux_1_30_28/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2006-09-05 14:57:13 UTC (rev 2026)
+++ tags/libselinux_1_30_28/libselinux/VERSION 2006-09-13 15:14:00 UTC (rev 2029)
@@ -1 +0,0 @@
-1.30.27
Copied: tags/libselinux_1_30_28/libselinux/VERSION (from rev 2028, trunk/libselinux/VERSION)
===================================================================
--- tags/libselinux_1_30_28/libselinux/VERSION (rev 0)
+++ tags/libselinux_1_30_28/libselinux/VERSION 2006-09-13 15:14:00 UTC (rev 2029)
@@ -0,0 +1 @@
+1.30.28
Deleted: tags/libselinux_1_30_28/libselinux/src/setrans_client.c
===================================================================
--- trunk/libselinux/src/setrans_client.c 2006-09-05 14:57:13 UTC (rev 2026)
+++ tags/libselinux_1_30_28/libselinux/src/setrans_client.c 2006-09-13 15:14:00 UTC (rev 2029)
@@ -1,322 +0,0 @@
-/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/un.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <netdb.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <unistd.h>
-#include "dso.h"
-#include "selinux_internal.h"
-#include "setrans_internal.h"
-
-static int mls_enabled = -1;
-
-// Simple cache
-static __thread security_context_t prev_t2r_trans = NULL;
-static __thread security_context_t prev_t2r_raw = NULL;
-static __thread security_context_t prev_r2t_trans = NULL;
-static __thread security_context_t prev_r2t_raw = NULL;
-
-int cache_trans hidden = 1;
-
-/*
- * setransd_open
- *
- * This function opens a socket to the setransd.
- * Returns: on success, a file descriptor ( >= 0 ) to the socket
- * on error, a negative value
- */
-static int setransd_open(void)
-{
- struct sockaddr_un addr;
- int fd;
-
- fd = socket(PF_UNIX, SOCK_STREAM, 0);
- if (fd < 0) {
- return -1;
- }
-
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, SETRANS_UNIX_SOCKET, sizeof(addr.sun_path));
- if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
- close(fd);
- return -1;
- }
-
- return fd;
-}
-
-/* Returns: 0 on success, <0 on failure */
-static int
-send_request(int fd, uint32_t function, const char *data1, const char *data2)
-{
- struct iovec req_hdr[3];
- uint32_t data1_size;
- uint32_t data2_size;
- struct iovec req_data[2];
- ssize_t count;
-
- if (fd < 0)
- return -1;
-
- if (!data1)
- data1 = "";
- if (!data2)
- data2 = "";
-
- data1_size = strlen(data1) + 1;
- data2_size = strlen(data2) + 1;
-
- req_hdr[0].iov_base = &function;
- req_hdr[0].iov_len = sizeof(function);
- req_hdr[1].iov_base = &data1_size;
- req_hdr[1].iov_len = sizeof(data1_size);
- req_hdr[2].iov_base = &data2_size;
- req_hdr[2].iov_len = sizeof(data2_size);
-
- while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR)) ;
- if (count != (sizeof(function) + sizeof(data1_size) +
- sizeof(data2_size))) {
- return -1;
- }
-
- req_data[0].iov_base = (char *)data1;
- req_data[0].iov_len = data1_size;
- req_data[1].iov_base = (char *)data2;
- req_data[1].iov_len = data2_size;
-
- while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR)) ;
- if (count < 0 || (uint32_t) count != (data1_size + data2_size)) {
- return -1;
- }
-
- return 0;
-}
-
-/* Returns: 0 on success, <0 on failure */
-static int
-receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val)
-{
- struct iovec resp_hdr[3];
- uint32_t func;
- uint32_t data_size;
- char *data;
- struct iovec resp_data;
- ssize_t count;
-
- if (fd < 0)
- return -1;
-
- resp_hdr[0].iov_base = &func;
- resp_hdr[0].iov_len = sizeof(func);
- resp_hdr[1].iov_base = &data_size;
- resp_hdr[1].iov_len = sizeof(data_size);
- resp_hdr[2].iov_base = ret_val;
- resp_hdr[2].iov_len = sizeof(*ret_val);
-
- while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ;
- if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
- return -1;
- }
-
- if (func != function || !data_size || data_size > MAX_DATA_BUF) {
- return -1;
- }
-
- data = malloc(data_size);
- if (!data) {
- return -1;
- }
-
- resp_data.iov_base = data;
- resp_data.iov_len = data_size;
-
- while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)) ;
- if (count < 0 || (uint32_t) count != data_size ||
- data[data_size - 1] != '\0') {
- free(data);
- return -1;
- }
- *outdata = data;
- return 0;
-}
-
-static int raw_to_trans_context(char *raw, char **transp)
-{
- int ret;
- int32_t ret_val;
- int fd;
-
- *transp = NULL;
-
- fd = setransd_open();
- if (fd < 0)
- return fd;
-
- ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
- if (ret)
- goto out;
-
- ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
- if (ret)
- goto out;
-
- ret = ret_val;
- out:
- close(fd);
- return ret;
-}
-
-static int trans_to_raw_context(char *trans, char **rawp)
-{
- int ret;
- int32_t ret_val;
- int fd;
-
- *rawp = NULL;
-
- fd = setransd_open();
- if (fd < 0)
- return fd;
- ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
- if (ret)
- goto out;
-
- ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
- if (ret)
- goto out;
-
- ret = ret_val;
- out:
- close(fd);
- return ret;
-}
-
-hidden void fini_context_translations(void)
-{
- if (cache_trans) {
- free(prev_r2t_trans);
- free(prev_r2t_raw);
- free(prev_t2r_trans);
- free(prev_t2r_raw);
- }
-}
-
-hidden int init_context_translations(void)
-{
- int ret, fd;
- int32_t ret_val;
- char *out = NULL;
-
- mls_enabled = is_selinux_mls_enabled();
- if (!mls_enabled)
- return 0;
-
- fd = setransd_open();
- if (fd < 0)
- return fd;
-
- ret = send_request(fd, SETRANS_INIT, NULL, NULL);
- if (ret)
- goto out;
-
- ret = receive_response(fd, SETRANS_INIT, &out, &ret_val);
- free(out);
- if (!ret)
- ret = ret_val;
- out:
- close(fd);
- return ret;
-}
-
-int selinux_trans_to_raw_context(security_context_t trans,
- security_context_t * rawp)
-{
- if (!trans) {
- *rawp = NULL;
- return 0;
- }
-
- if (!mls_enabled) {
- *rawp = strdup(trans);
- goto out;
- }
-
- if (cache_trans) {
- if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) {
- *rawp = strdup(prev_t2r_raw);
- } else {
- free(prev_t2r_trans);
- prev_t2r_trans = NULL;
- free(prev_t2r_raw);
- prev_t2r_raw = NULL;
- if (trans_to_raw_context(trans, rawp))
- *rawp = strdup(trans);
- if (*rawp) {
- prev_t2r_trans = strdup(trans);
- if (!prev_t2r_trans)
- goto out;
- prev_t2r_raw = strdup(*rawp);
- if (!prev_t2r_raw) {
- free(prev_t2r_trans);
- prev_t2r_trans = NULL;
- }
- }
- }
- } else if (trans_to_raw_context(trans, rawp))
- *rawp = strdup(trans);
- out:
- return *rawp ? 0 : -1;
-}
-
-hidden_def(selinux_trans_to_raw_context)
-
-int selinux_raw_to_trans_context(security_context_t raw,
- security_context_t * transp)
-{
- if (!raw) {
- *transp = NULL;
- return 0;
- }
-
- if (!mls_enabled) {
- *transp = strdup(raw);
- goto out;
- }
-
- if (cache_trans) {
- if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) {
- *transp = strdup(prev_r2t_trans);
- } else {
- free(prev_r2t_raw);
- prev_r2t_raw = NULL;
- free(prev_r2t_trans);
- prev_r2t_trans = NULL;
- if (raw_to_trans_context(raw, transp))
- *transp = strdup(raw);
- if (*transp) {
- prev_r2t_raw = strdup(raw);
- if (!prev_r2t_raw)
- goto out;
- prev_r2t_trans = strdup(*transp);
- if (!prev_r2t_trans) {
- free(prev_r2t_raw);
- prev_r2t_raw = NULL;
- }
- }
- }
- } else if (raw_to_trans_context(raw, transp))
- *transp = strdup(raw);
- out:
- return *transp ? 0 : -1;
-}
-
-hidden_def(selinux_raw_to_trans_context)
Copied: tags/libselinux_1_30_28/libselinux/src/setrans_client.c (from rev 2027, trunk/libselinux/src/setrans_client.c)
===================================================================
--- tags/libselinux_1_30_28/libselinux/src/setrans_client.c (rev 0)
+++ tags/libselinux_1_30_28/libselinux/src/setrans_client.c 2006-09-13 15:14:00 UTC (rev 2029)
@@ -0,0 +1,322 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <netdb.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include "dso.h"
+#include "selinux_internal.h"
+#include "setrans_internal.h"
+
+static int mls_enabled = -1;
+
+// Simple cache
+static __thread security_context_t prev_t2r_trans = NULL;
+static __thread security_context_t prev_t2r_raw = NULL;
+static __thread security_context_t prev_r2t_trans = NULL;
+static __thread security_context_t prev_r2t_raw = NULL;
+
+int cache_trans hidden = 1;
+
+/*
+ * setransd_open
+ *
+ * This function opens a socket to the setransd.
+ * Returns: on success, a file descriptor ( >= 0 ) to the socket
+ * on error, a negative value
+ */
+static int setransd_open(void)
+{
+ struct sockaddr_un addr;
+ int fd;
+
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0) {
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, SETRANS_UNIX_SOCKET, sizeof(addr.sun_path));
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ close(fd);
+ return -1;
+ }
+
+ return fd;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
+{
+ struct msghdr msgh;
+ struct iovec iov[5];
+ uint32_t data1_size;
+ uint32_t data2_size;
+ ssize_t count, expected;
+ unsigned int i;
+
+ if (fd < 0)
+ return -1;
+
+ if (!data1)
+ data1 = "";
+ if (!data2)
+ data2 = "";
+
+ data1_size = strlen(data1) + 1;
+ data2_size = strlen(data2) + 1;
+
+ iov[0].iov_base = &function;
+ iov[0].iov_len = sizeof(function);
+ iov[1].iov_base = &data1_size;
+ iov[1].iov_len = sizeof(data1_size);
+ iov[2].iov_base = &data2_size;
+ iov[2].iov_len = sizeof(data2_size);
+ iov[3].iov_base = (char *)data1;
+ iov[3].iov_len = data1_size;
+ iov[4].iov_base = (char *)data2;
+ iov[4].iov_len = data2_size;
+ memset(&msgh, 0, sizeof(msgh));
+ msgh.msg_iov = iov;
+ msgh.msg_iovlen = sizeof(iov)/sizeof(iov[0]);
+
+ expected = 0;
+ for (i = 0; i < sizeof(iov)/sizeof(iov[0]); i++)
+ expected += iov[i].iov_len;
+
+ while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0) && (errno == EINTR)) ;
+ if (count < 0 || count != expected)
+ return -1;
+
+ return 0;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val)
+{
+ struct iovec resp_hdr[3];
+ uint32_t func;
+ uint32_t data_size;
+ char *data;
+ struct iovec resp_data;
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ resp_hdr[0].iov_base = &func;
+ resp_hdr[0].iov_len = sizeof(func);
+ resp_hdr[1].iov_base = &data_size;
+ resp_hdr[1].iov_len = sizeof(data_size);
+ resp_hdr[2].iov_base = ret_val;
+ resp_hdr[2].iov_len = sizeof(*ret_val);
+
+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ;
+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
+ return -1;
+ }
+
+ if (func != function || !data_size || data_size > MAX_DATA_BUF) {
+ return -1;
+ }
+
+ data = malloc(data_size);
+ if (!data) {
+ return -1;
+ }
+
+ resp_data.iov_base = data;
+ resp_data.iov_len = data_size;
+
+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)) ;
+ if (count < 0 || (uint32_t) count != data_size ||
+ data[data_size - 1] != '\0') {
+ free(data);
+ return -1;
+ }
+ *outdata = data;
+ return 0;
+}
+
+static int raw_to_trans_context(char *raw, char **transp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *transp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+static int trans_to_raw_context(char *trans, char **rawp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *rawp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden void fini_context_translations(void)
+{
+ if (cache_trans) {
+ free(prev_r2t_trans);
+ free(prev_r2t_raw);
+ free(prev_t2r_trans);
+ free(prev_t2r_raw);
+ }
+}
+
+hidden int init_context_translations(void)
+{
+ int ret, fd;
+ int32_t ret_val;
+ char *out = NULL;
+
+ mls_enabled = is_selinux_mls_enabled();
+ if (!mls_enabled)
+ return 0;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, SETRANS_INIT, NULL, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, SETRANS_INIT, &out, &ret_val);
+ free(out);
+ if (!ret)
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ if (!mls_enabled) {
+ *rawp = strdup(trans);
+ goto out;
+ }
+
+ if (cache_trans) {
+ if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) {
+ *rawp = strdup(prev_t2r_raw);
+ } else {
+ free(prev_t2r_trans);
+ prev_t2r_trans = NULL;
+ free(prev_t2r_raw);
+ prev_t2r_raw = NULL;
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ if (*rawp) {
+ prev_t2r_trans = strdup(trans);
+ if (!prev_t2r_trans)
+ goto out;
+ prev_t2r_raw = strdup(*rawp);
+ if (!prev_t2r_raw) {
+ free(prev_t2r_trans);
+ prev_t2r_trans = NULL;
+ }
+ }
+ }
+ } else if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ out:
+ return *rawp ? 0 : -1;
+}
+
+hidden_def(selinux_trans_to_raw_context)
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+
+ if (!mls_enabled) {
+ *transp = strdup(raw);
+ goto out;
+ }
+
+ if (cache_trans) {
+ if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) {
+ *transp = strdup(prev_r2t_trans);
+ } else {
+ free(prev_r2t_raw);
+ prev_r2t_raw = NULL;
+ free(prev_r2t_trans);
+ prev_r2t_trans = NULL;
+ if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
+ if (*transp) {
+ prev_r2t_raw = strdup(raw);
+ if (!prev_r2t_raw)
+ goto out;
+ prev_r2t_trans = strdup(*transp);
+ if (!prev_r2t_trans) {
+ free(prev_r2t_raw);
+ prev_r2t_raw = NULL;
+ }
+ }
+ }
+ } else if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
+ out:
+ return *transp ? 0 : -1;
+}
+
+hidden_def(selinux_raw_to_trans_context)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
