Menu
▾
▴
selinux-commits — Commits to the subversion repo
You can subscribe to this list here.
| 2006 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(24) |
Sep
(38) |
Oct
(29) |
Nov
(40) |
Dec
(4) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2007 |
Jan
(88) |
Feb
(66) |
Mar
(44) |
Apr
(104) |
May
(35) |
Jun
(34) |
Jul
(12) |
Aug
(42) |
Sep
(84) |
Oct
(34) |
Nov
(30) |
Dec
(22) |
| 2008 |
Jan
(60) |
Feb
(54) |
Mar
(32) |
Apr
(14) |
May
(16) |
Jun
(26) |
Jul
(22) |
Aug
(12) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: <ssm...@us...> - 2008-05-05 14:42:07
|
Revision: 2875
http://selinux.svn.sourceforge.net/selinux/?rev=2875&view=rev
Author: ssmalley
Date: 2008-05-05 07:42:01 -0700 (Mon, 05 May 2008)
Log Message:
-----------
Fix man page description of defaults (refpolicy interfaces are not default)
Modified Paths:
--------------
trunk/policycoreutils/audit2allow/audit2allow.1
Modified: trunk/policycoreutils/audit2allow/audit2allow.1
===================================================================
--- trunk/policycoreutils/audit2allow/audit2allow.1 2008-04-21 16:59:06 UTC (rev 2874)
+++ trunk/policycoreutils/audit2allow/audit2allow.1 2008-05-05 14:42:01 UTC (rev 2875)
@@ -72,9 +72,11 @@
.TP
.B "\-N" | "\-\-noreference"
Do not generate reference policy, traditional style allow rules.
+This is the default behavior.
.TP
.B "\-R" | "\-\-reference"
-Generate reference policy using installed macros.Default
+Generate reference policy using installed macros.
+This attempts to match denials against interfaces and may be inaccurate.
.TP
.B "\-t " | "\-\-tefile"
Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-21 18:58:31
|
Revision: 2872
http://selinux.svn.sourceforge.net/selinux/?rev=2872&view=rev
Author: ssmalley
Date: 2008-04-21 09:56:35 -0700 (Mon, 21 Apr 2008)
Log Message:
-----------
updated libsemanage to version 2.0.25
Modified Paths:
--------------
trunk/libsemanage/ChangeLog
trunk/libsemanage/VERSION
Modified: trunk/libsemanage/ChangeLog
===================================================================
--- trunk/libsemanage/ChangeLog 2008-04-21 16:55:37 UTC (rev 2871)
+++ trunk/libsemanage/ChangeLog 2008-04-21 16:56:35 UTC (rev 2872)
@@ -1,3 +1,7 @@
+2.0.25 2008-04-21
+ * Do not call genhomedircon if the policy was not rebuilt from Stephen Smalley.
+ Fixes semanage boolean -D seg fault (bug 441379).
+
2.0.24 2008-02-26
* make swigify
Modified: trunk/libsemanage/VERSION
===================================================================
--- trunk/libsemanage/VERSION 2008-04-21 16:55:37 UTC (rev 2871)
+++ trunk/libsemanage/VERSION 2008-04-21 16:56:35 UTC (rev 2872)
@@ -1 +1 @@
-2.0.24
+2.0.25
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-21 17:58:41
|
Revision: 2871
http://selinux.svn.sourceforge.net/selinux/?rev=2871&view=rev
Author: ssmalley
Date: 2008-04-21 09:55:37 -0700 (Mon, 21 Apr 2008)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: libsemanage: don't call genhomedircon if policy was not rebuilt
Date: Mon, 21 Apr 2008 09:41:15 -0400
See:
https://bugzilla.redhat.com/show_bug.cgi?id=441379
It appears to me that what is happening here is we have a case where
nothing is being rebuilt (semanage boolean -D is being applied but there
are no local boolean definitions and thus no change), and thus
semanage_direct_commit() does not rebuild the policy (conditional on
sh->do_rebuild || modified), leaving the out policydb == NULL. Then
when it calls semanage_genhomedircon(sh, out, 1) the NULL policydb
pointer ultimately gets passed down to libsepol and that then triggers a
seg fault upon the attempted dereference.
This patch ensures that we do not call genhomedircon if the policy was
not rebuilt, as there is no need to regenerate home directory contexts
in that situation. This avoids the bug for semanage boolean -D while
still properly handling semodule -Bn aka genhomedircon or other
operations.
Signed-off-by: Stephen Smalley <sd...@ty...>
Acked-by: Joshua Brindle <me...@ma...>
Modified Paths:
--------------
trunk/libsemanage/src/direct_api.c
Modified: trunk/libsemanage/src/direct_api.c
===================================================================
--- trunk/libsemanage/src/direct_api.c 2008-04-18 14:23:06 UTC (rev 2870)
+++ trunk/libsemanage/src/direct_api.c 2008-04-21 16:55:37 UTC (rev 2871)
@@ -708,7 +708,7 @@
/* run genhomedircon if its enabled, this should be the last operation
* which requires the out policydb */
if (!sh->conf->disable_genhomedircon) {
- if ((retval =
+ if (out && (retval =
semanage_genhomedircon(sh, out, 1)) != 0) {
ERR(sh, "semanage_genhomedircon returned error code %d.",
retval);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-21 17:00:39
|
Revision: 2874
http://selinux.svn.sourceforge.net/selinux/?rev=2874&view=rev
Author: ssmalley
Date: 2008-04-21 09:59:06 -0700 (Mon, 21 Apr 2008)
Log Message:
-----------
updated libselinux to version 2.0.64
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2008-04-21 16:58:38 UTC (rev 2873)
+++ trunk/libselinux/ChangeLog 2008-04-21 16:59:06 UTC (rev 2874)
@@ -1,3 +1,6 @@
+2.0.64 2008-04-21
+ * Fixed selinux_set_callback man page.
+
2.0.63 2008-04-18
* Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2008-04-21 16:58:38 UTC (rev 2873)
+++ trunk/libselinux/VERSION 2008-04-21 16:59:06 UTC (rev 2874)
@@ -1 +1 @@
-2.0.63
+2.0.64
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-21 16:58:52
|
Revision: 2873
http://selinux.svn.sourceforge.net/selinux/?rev=2873&view=rev
Author: ssmalley
Date: 2008-04-21 09:58:38 -0700 (Mon, 21 Apr 2008)
Log Message:
-----------
Fix man page (SELABEL_ => SELINUX_).
Modified Paths:
--------------
trunk/libselinux/man/man3/selinux_set_callback.3
Modified: trunk/libselinux/man/man3/selinux_set_callback.3
===================================================================
--- trunk/libselinux/man/man3/selinux_set_callback.3 2008-04-21 16:56:35 UTC (rev 2872)
+++ trunk/libselinux/man/man3/selinux_set_callback.3 2008-04-21 16:58:38 UTC (rev 2873)
@@ -27,7 +27,7 @@
.I type
are:
.TP
-.B SELABEL_CB_LOG
+.B SELINUX_CB_LOG
.BI "int (*" func_log ") (int " type ", const char *" fmt ", ...);"
This callback is used for logging and should process the
@@ -47,7 +47,7 @@
.B SELINUX_AVC
.TP
-.B SELABEL_CB_AUDIT
+.B SELINUX_CB_AUDIT
.BI "int (*" func_audit ") (void *" auditdata ", security_class_t " cls ,
.in +\w'int (*func_audit) ('u
.BI "char *" msgbuf ", size_t " msgbufsize ");"
@@ -66,7 +66,7 @@
characters.
.TP
-.B SELABEL_CB_VALIDATE
+.B SELINUX_CB_VALIDATE
.BI "int (*" func_validate ") (security_context_t *" ctx ");"
This callback is used for context validation. The callback may optionally modify the input context by setting the target of the
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 14:23:13
|
Revision: 2870
http://selinux.svn.sourceforge.net/selinux/?rev=2870&view=rev
Author: ssmalley
Date: 2008-04-18 07:23:06 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
Mention the -C aka --locallist option.
Modified Paths:
--------------
trunk/policycoreutils/semanage/semanage.8
Modified: trunk/policycoreutils/semanage/semanage.8
===================================================================
--- trunk/policycoreutils/semanage/semanage.8 2008-04-18 14:13:44 UTC (rev 2869)
+++ trunk/policycoreutils/semanage/semanage.8 2008-04-18 14:23:06 UTC (rev 2870)
@@ -3,7 +3,7 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n]
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|lC|D} [\-n]
.br
.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
.br
@@ -58,6 +58,9 @@
.I \-l, \-\-list
List the OBJECTS
.TP
+.I \-C, \-\-locallist
+List only locally defined settings, not base policy settings.
+.TP
.I \-L, \-\-level
Default SELinux Level for SELinux use, s0 Default. (MLS/MCS Systems only)
.TP
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 14:13:56
|
Revision: 2869
http://selinux.svn.sourceforge.net/selinux/?rev=2869&view=rev
Author: ssmalley
Date: 2008-04-18 07:13:44 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
updated policycoreutils/ to version 2.0.47
Modified Paths:
--------------
trunk/policycoreutils/ChangeLog
trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2008-04-18 14:12:40 UTC (rev 2868)
+++ trunk/policycoreutils/ChangeLog 2008-04-18 14:13:44 UTC (rev 2869)
@@ -1,3 +1,7 @@
+2.0.47 2008-04-18
+ * Update semanage man page for booleans from Dan Walsh.
+ * Add further error checking to seobject.py for setting booleans.
+
2.0.46 2008-03-18
* Update audit2allow to report dontaudit cases from Dan Walsh.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2008-04-18 14:12:40 UTC (rev 2868)
+++ trunk/policycoreutils/VERSION 2008-04-18 14:13:44 UTC (rev 2869)
@@ -1 +1 @@
-2.0.46
+2.0.47
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 14:12:53
|
Revision: 2868
http://selinux.svn.sourceforge.net/selinux/?rev=2868&view=rev
Author: ssmalley
Date: 2008-04-18 07:12:40 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: semanage man page updated for booleans
Date: Tue, 08 Apr 2008 09:59:02 -0400
[sds: some fixes to the entry, including mention of the
--on/--off/-1/-0 options and removal of the -T option as that
doesn't apply here.]
[sds: also add checking of return status to seobject.py for
set_active call]
Modified Paths:
--------------
trunk/policycoreutils/semanage/seobject.py
Modified: trunk/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py 2008-04-18 14:00:16 UTC (rev 2867)
+++ trunk/policycoreutils/semanage/seobject.py 2008-04-18 14:12:40 UTC (rev 2868)
@@ -1377,7 +1377,9 @@
if rc < 0:
raise ValueError(_("Could not start semanage transaction"))
- rc = semanage_bool_set_active(self.sh, k, b)
+ rc = semanage_bool_set_active(self.sh, k, b)
+ if rc < 0:
+ raise ValueError(_("Could not set active value of boolean %s") % name)
rc = semanage_bool_modify_local(self.sh, k, b)
if rc < 0:
raise ValueError(_("Could not modify boolean %s") % name)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 14:00:20
|
Revision: 2867
http://selinux.svn.sourceforge.net/selinux/?rev=2867&view=rev
Author: ssmalley
Date: 2008-04-18 07:00:16 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: semanage man page updated for booleans
Date: Tue, 08 Apr 2008 09:59:02 -0400
Modified Paths:
--------------
trunk/policycoreutils/semanage/semanage.8
Modified: trunk/policycoreutils/semanage/semanage.8
===================================================================
--- trunk/policycoreutils/semanage/semanage.8 2008-04-18 13:56:23 UTC (rev 2866)
+++ trunk/policycoreutils/semanage/semanage.8 2008-04-18 14:00:16 UTC (rev 2867)
@@ -3,8 +3,10 @@
semanage \- SELinux Policy Management tool
.SH "SYNOPSIS"
-.B semanage {login|user|port|interface|fcontext|translation} \-l [\-n]
+.B semanage {boolean|login|user|port|interface|fcontext|translation} \-{l|D} [\-n]
.br
+.B semanage boolean \-{d|m} [\-\-on|\-\-off|\-1|\-0] boolean
+.br
.B semanage login \-{a|d|m} [\-sr] login_name
.br
.B semanage user \-{a|d|m} [\-LrRP] selinux_name
@@ -43,6 +45,9 @@
.I \-d, \-\-delete
Delete a OBJECT record NAME
.TP
+.I \-D, \-\-deleteall
+Remove all OBJECTS local customizations
+.TP
.I \-f, \-\-ftype
File Type. This is used with fcontext.
Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 13:57:46
|
Revision: 2861
http://selinux.svn.sourceforge.net/selinux/?rev=2861&view=rev
Author: ssmalley
Date: 2008-04-18 06:47:18 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
Author: Eamon Walsh
Email: ew...@ty...
Subject: libselinux/matchpathcon has a memory leak
Date: Fri, 14 Mar 2008 15:27:11 -0400
Here is a new version of the patch.
The clearing out of the data instead of freeing it is a leftover from
when that was a global variable. That was the cause of the leak I
thought was the result of a missing matchpathcon_fini().
Signed-off-by: Eamon Walsh <ew...@ty...>
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libselinux/src/label.c
trunk/libselinux/src/label_file.c
Modified: trunk/libselinux/src/label.c
===================================================================
--- trunk/libselinux/src/label.c 2008-03-31 14:22:40 UTC (rev 2860)
+++ trunk/libselinux/src/label.c 2008-04-18 13:47:18 UTC (rev 2861)
@@ -95,7 +95,7 @@
if (compat_validate(rec, lr, "file_contexts", 0))
return NULL;
- if (translating &&
+ if (translating && !lr->ctx_trans &&
selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
return NULL;
Modified: trunk/libselinux/src/label_file.c
===================================================================
--- trunk/libselinux/src/label_file.c 2008-03-31 14:22:40 UTC (rev 2860)
+++ trunk/libselinux/src/label_file.c 2008-04-18 13:47:18 UTC (rev 2861)
@@ -562,7 +562,7 @@
if (data->stem_arr)
free(data->stem_arr);
- memset(data, 0, sizeof(*data));
+ free(data);
}
static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 13:56:45
|
Revision: 2865
http://selinux.svn.sourceforge.net/selinux/?rev=2865&view=rev
Author: ssmalley
Date: 2008-04-18 06:55:39 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
Author: "Todd C. Miller"
Email: tm...@tr...
Subject: PATCH: add downgrade test to libsepol test harness
Date: Fri, 7 Mar 2008 16:00:26 -0500
Test to check downgrading of policies using libsepol. Verifies that
when we downgrade a policy on write we can read it back in again.
Note: to test this you will need to mkdir
libsepol/tests/policies/test-downgrade by hand.
Signed-off-by: Todd C. Miller <tm...@tr...>
Modified Paths:
--------------
trunk/libsepol/tests/Makefile
trunk/libsepol/tests/libsepol-tests.c
Added Paths:
-----------
trunk/libsepol/tests/test-downgrade.c
trunk/libsepol/tests/test-downgrade.h
Modified: trunk/libsepol/tests/Makefile
===================================================================
--- trunk/libsepol/tests/Makefile 2008-04-18 13:52:10 UTC (rev 2864)
+++ trunk/libsepol/tests/Makefile 2008-04-18 13:55:39 UTC (rev 2865)
@@ -43,8 +43,12 @@
clean:
rm -f $(objs) $(EXE)
rm -f $(policies)
+ rm -f policies/test-downgrade/policy.hi policies/test-downgrade/policy.lo
+
test: $(EXE) $(policies)
+ $(MKDIR) -p policies/test-downgrade
+ ../../checkpolicy/checkpolicy -M policies/test-cond/refpolicy-base.conf -o policies/test-downgrade/policy.hi
./$(EXE)
.PHONY: all policies clean test
Modified: trunk/libsepol/tests/libsepol-tests.c
===================================================================
--- trunk/libsepol/tests/libsepol-tests.c 2008-04-18 13:52:10 UTC (rev 2864)
+++ trunk/libsepol/tests/libsepol-tests.c 2008-04-18 13:55:39 UTC (rev 2865)
@@ -22,6 +22,7 @@
#include "test-linker.h"
#include "test-expander.h"
#include "test-deps.h"
+#include "test-downgrade.h"
#include <CUnit/Basic.h>
#include <CUnit/Console.h>
@@ -61,6 +62,7 @@
DECLARE_SUITE(linker);
DECLARE_SUITE(expander);
DECLARE_SUITE(deps);
+ DECLARE_SUITE(downgrade);
if (verbose)
CU_basic_set_mode(CU_BRM_VERBOSE);
Added: trunk/libsepol/tests/test-downgrade.c
===================================================================
--- trunk/libsepol/tests/test-downgrade.c (rev 0)
+++ trunk/libsepol/tests/test-downgrade.c 2008-04-18 13:55:39 UTC (rev 2865)
@@ -0,0 +1,273 @@
+/*
+ * Author: Mary Garvin <mg...@tr...>
+ *
+ * Copyright (C) 2007-2008 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#include "test-downgrade.h"
+#include "parse_util.h"
+#include "helpers.h"
+
+#include <sepol/debug.h>
+#include <sepol/handle.h>
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/link.h>
+#include <sepol/policydb/expand.h>
+#include <sepol/policydb/conditional.h>
+#include <limits.h>
+#include <CUnit/Basic.h>
+
+#define POLICY_BIN_HI "policies/test-downgrade/policy.hi"
+#define POLICY_BIN_LO "policies/test-downgrade/policy.lo"
+
+static policydb_t policydb;
+
+/*
+ * Function Name: downgrade_test_init
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Initialize the policydb (policy data base structure)
+ */
+int downgrade_test_init(void)
+{
+ /* Initialize the policydb_t structure */
+ if (policydb_init(&policydb)) {
+ fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__);
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ * Function Name: downgrade_test_cleanup
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Destroys policydb structure
+ */
+int downgrade_test_cleanup(void)
+{
+ policydb_destroy(&policydb);
+
+ return 0;
+}
+
+/*
+ * Function Name: downgrade_add_tests
+ *
+ * Input: CU_pSuite
+ *
+ * Output: Returns 0 upon success. Returns a CUnit error value on failure.
+ *
+ * Description: Add the given downgrade tests to the downgrade suite.
+ */
+int downgrade_add_tests(CU_pSuite suite)
+{
+ if (CU_add_test(suite, "downgrade", test_downgrade) == NULL)
+ return CU_get_error();
+
+ return 0;
+}
+
+/*
+ * Function Name: test_downgrade_possible
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description:
+ * Tests the backward compatability of MLS and Non-MLS binary policy versions.
+ */
+void test_downgrade(void)
+{
+ if (do_downgrade_test(0) < 0)
+ fprintf(stderr,
+ "\nError during downgrade testing of Non-MLS policy\n");
+
+
+ if (do_downgrade_test(1) < 0)
+ fprintf(stderr,
+ "\nError during downgrade testing of MLS policy\n");
+}
+
+/*
+ * Function Name: do_downgrade_test
+ *
+ * Input: 0 for Non-MLS policy and 1 for MLS policy downgrade testing
+ *
+ * Output: 0 on success, negative number upon failure
+ *
+ * Description: This function handles the downgrade testing.
+ * A binary policy is read into the policydb structure, the
+ * policy version is decreased by a specific amount, written
+ * back out and then read back in again. The process is
+ * repeated until the minimum policy version is reached.
+ */
+int do_downgrade_test(int mls)
+{
+ policydb_t policydb_tmp;
+ int hi, lo, version;
+
+ /* Reset policydb for re-use */
+ policydb_destroy(&policydb);
+ downgrade_test_init();
+
+ /* Read in the hi policy from file */
+ if (read_binary_policy(POLICY_BIN_HI, &policydb) != 0) {
+ fprintf(stderr, "error reading %spolicy binary\n", mls ? "mls " : "");
+ CU_FAIL("Unable to read the binary policy");
+ return -1;
+ }
+
+ /* Change MLS value based on parameter */
+ policydb.mls = mls ? 1 : 0;
+
+ for (hi = policydb.policyvers; hi >= POLICYDB_VERSION_MIN; hi--) {
+ /* Stash old version number */
+ version = policydb.policyvers;
+
+ /* Try downgrading to each possible version. */
+ for (lo = hi - 1; lo >= POLICYDB_VERSION_MIN; lo--) {
+
+ /* Reduce policy version */
+ policydb.policyvers = lo;
+
+ /* Write out modified binary policy */
+ if (write_binary_policy(POLICY_BIN_LO, &policydb) != 0) {
+ /*
+ * Error from MLS to pre-MLS is expected due
+ * to MLS re-implementation in version 19.
+ */
+ if (mls && lo < POLICYDB_VERSION_MLS)
+ continue;
+
+ fprintf(stderr, "error writing %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi);
+ CU_FAIL("Failed to write downgraded binary policy");
+ return -1;
+ }
+
+ /* Make sure we can read back what we wrote. */
+ if (policydb_init(&policydb_tmp)) {
+ fprintf(stderr, "%s: Out of memory!\n",
+ __FUNCTION__);
+ return -1;
+ }
+ if (read_binary_policy(POLICY_BIN_LO, &policydb_tmp) != 0) {
+ fprintf(stderr, "error reading %spolicy binary, version %d (downgraded from %d)\n", mls ? "mls " : "", lo, hi);
+ CU_FAIL("Unable to read downgraded binary policy");
+ return -1;
+ }
+ policydb_destroy(&policydb_tmp);
+ }
+ /* Restore version number */
+ policydb.policyvers = version;
+ }
+
+ return 0;
+}
+
+/*
+ * Function Name: read_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: Get a filename, open file and read binary policy into policydb
+ * structure.
+ */
+int read_binary_policy(const char *path, policydb_t *p)
+{
+ FILE *in_fp = NULL;
+ struct policy_file f;
+ int rc;
+
+ /* Open the binary policy file */
+ if ((in_fp = fopen(path, "rb")) == NULL) {
+ fprintf(stderr, "Unable to open %s: %s\n", path,
+ strerror(errno));
+ sepol_handle_destroy(f.handle);
+ return -1;
+ }
+
+ /* Read in the binary policy. */
+ memset(&f, 0, sizeof(struct policy_file));
+ f.type = PF_USE_STDIO;
+ f.fp = in_fp;
+ rc = policydb_read(p, &f, 0);
+
+ sepol_handle_destroy(f.handle);
+ fclose(in_fp);
+ return rc;
+}
+
+/*
+ * Function Name: write_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: open file and write the binary policy from policydb structure.
+ */
+int write_binary_policy(const char *path, policydb_t *p)
+{
+ FILE *out_fp = NULL;
+ struct policy_file f;
+ sepol_handle_t *handle;
+ int rc;
+
+ /* We don't want libsepol to print warnings to stderr */
+ handle = sepol_handle_create();
+ if (handle == NULL) {
+ fprintf(stderr, "Out of memory!\n");
+ return -1;
+ }
+ sepol_msg_set_callback(handle, NULL, NULL);
+
+ /* Open the binary policy file for writing */
+ if ((out_fp = fopen(path, "w" )) == NULL) {
+ fprintf(stderr, "Unable to open %s: %s\n", path,
+ strerror(errno));
+ sepol_handle_destroy(f.handle);
+ return -1;
+ }
+
+ /* Write the binary policy */
+ memset(&f, 0, sizeof(struct policy_file));
+ f.type = PF_USE_STDIO;
+ f.fp = out_fp;
+ f.handle = handle;
+ rc = policydb_write(p, &f);
+
+ sepol_handle_destroy(f.handle);
+ fclose(out_fp);
+ return rc;
+}
Added: trunk/libsepol/tests/test-downgrade.h
===================================================================
--- trunk/libsepol/tests/test-downgrade.h (rev 0)
+++ trunk/libsepol/tests/test-downgrade.h 2008-04-18 13:55:39 UTC (rev 2865)
@@ -0,0 +1,119 @@
+/*
+ * Author: Mary Garvin <mg...@tr...>
+ *
+ * Copyright (C) 2007-2008 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+#ifndef __TEST_DOWNGRADE_H__
+#define __TEST_DOWNGRADE_H__
+
+#include <CUnit/Basic.h>
+#include <sepol/policydb/policydb.h>
+
+/*
+ * Function Name: downgrade_test_init
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Initialize the policydb (policy data base structure)
+ */
+int downgrade_test_init(void);
+
+/*
+ * Function Name: downgrade_test_cleanup
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Destroys policydb structure
+ */
+int downgrade_test_cleanup(void);
+
+/*
+ * Function Name: downgrade_add_tests
+ *
+ * Input: CU_pSuite
+ *
+ * Output: Returns 0 upon success. Upon failure, a CUnit testing error
+ * value is returned
+ *
+ * Description: Add the given downgrade tests to the downgrade suite.
+ */
+int downgrade_add_tests(CU_pSuite suite);
+
+/*
+ * Function Name: test_downgrade_possible
+ *
+ * Input: None
+ *
+ * Output: None
+ *
+ * Description: Tests the backward compatability of MLS and Non-MLS binary
+ * policy versions.
+ */
+void test_downgrade(void);
+
+/*
+ * Function Name: do_downgrade_test
+ *
+ * Input: int that represents a 0 for Non-MLS policy and a
+ * 1 for MLS policy downgrade testing
+ *
+ * Output: (int) 0 on success, negative number upon failure
+ *
+ * Description: This function handles the downgrade testing. A binary policy
+ * is read into the policydb structure, the policy version is
+ * decreased by a specific amount, written back out and then read
+ * back in again. The process is iterative until the minimum
+ * policy version is reached.
+ */
+int do_downgrade_test(int mls);
+
+/*
+ * Function Name: read_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: Get a filename, open file and read in the binary policy
+ * into the policydb structure.
+ */
+int read_binary_policy(const char *path, policydb_t *);
+
+/*
+ * Function Name: write_binary_policy
+ *
+ * Input: char * which is the path to the file containing the binary policy
+ *
+ * Output: Returns 0 upon success. Upon failure, -1 is returned.
+ * Possible failures are, filename with given path does not exist,
+ * a failure to open the file, or a failure from prolicydb_read
+ * function call.
+ *
+ * Description: Get a filename, open file and read in the binary policy
+ * into the policydb structure.
+ */
+int write_binary_policy(const char *path, policydb_t *);
+
+#endif
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 13:56:31
|
Revision: 2866
http://selinux.svn.sourceforge.net/selinux/?rev=2866&view=rev
Author: ssmalley
Date: 2008-04-18 06:56:23 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
updated libsepol to version 2.0.27
Modified Paths:
--------------
trunk/libsepol/ChangeLog
trunk/libsepol/VERSION
Modified: trunk/libsepol/ChangeLog
===================================================================
--- trunk/libsepol/ChangeLog 2008-04-18 13:55:39 UTC (rev 2865)
+++ trunk/libsepol/ChangeLog 2008-04-18 13:56:23 UTC (rev 2866)
@@ -1,3 +1,6 @@
+2.0.27 2008-04-18
+ * Belatedly merge test for policy downgrade from Todd Miller.
+
2.0.26 2008-03-24
* Add permissive domain support from Eric Paris.
Modified: trunk/libsepol/VERSION
===================================================================
--- trunk/libsepol/VERSION 2008-04-18 13:55:39 UTC (rev 2865)
+++ trunk/libsepol/VERSION 2008-04-18 13:56:23 UTC (rev 2866)
@@ -1 +1 @@
-2.0.26
+2.0.27
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 13:52:30
|
Revision: 2863
http://selinux.svn.sourceforge.net/selinux/?rev=2863&view=rev
Author: ssmalley
Date: 2008-04-18 06:50:58 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: upstart/SELinux problem loading the wrong policy with kernel version change
Date: Tue, 08 Apr 2008 09:29:46 -0400
If we are not setting local definitions or preserving booleans, then the
maximum policy version for load can be the max of the kernel-supported
version and the libsepol-supported version since we do not need to
manipulate the policy image prior to load.
Modified Paths:
--------------
trunk/libselinux/src/load_policy.c
Modified: trunk/libselinux/src/load_policy.c
===================================================================
--- trunk/libselinux/src/load_policy.c 2008-04-18 13:48:24 UTC (rev 2862)
+++ trunk/libselinux/src/load_policy.c 2008-04-18 13:50:58 UTC (rev 2863)
@@ -43,6 +43,9 @@
int load_setlocaldefs hidden = 1;
+#undef max
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+
int selinux_mkload_policy(int preservebools)
{
int kernvers = security_policyvers();
@@ -127,11 +130,6 @@
#endif
- if (usesepol) {
- maxvers = vers_max();
- minvers = vers_min();
- }
-
/*
* Check whether we need to support local boolean and user definitions.
*/
@@ -157,6 +155,13 @@
if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
preservebools = 0;
+ if (usesepol) {
+ maxvers = vers_max();
+ minvers = vers_min();
+ if (!setlocaldefs && !preservebools)
+ maxvers = max(kernvers, maxvers);
+ }
+
vers = maxvers;
search:
snprintf(path, sizeof(path), "%s.%d",
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 13:52:14
|
Revision: 2864
http://selinux.svn.sourceforge.net/selinux/?rev=2864&view=rev
Author: ssmalley
Date: 2008-04-18 06:52:10 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
updated libselinux to version 2.0.63
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2008-04-18 13:50:58 UTC (rev 2863)
+++ trunk/libselinux/ChangeLog 2008-04-18 13:52:10 UTC (rev 2864)
@@ -1,3 +1,6 @@
+2.0.63 2008-04-18
+ * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
+
2.0.62 2008-04-18
* Fix memory leaks in matchpathcon from Eamon Walsh.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2008-04-18 13:50:58 UTC (rev 2863)
+++ trunk/libselinux/VERSION 2008-04-18 13:52:10 UTC (rev 2864)
@@ -1 +1 @@
-2.0.62
+2.0.63
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-04-18 13:48:56
|
Revision: 2862
http://selinux.svn.sourceforge.net/selinux/?rev=2862&view=rev
Author: ssmalley
Date: 2008-04-18 06:48:24 -0700 (Fri, 18 Apr 2008)
Log Message:
-----------
updated libselinux to version 2.0.62
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2008-04-18 13:47:18 UTC (rev 2861)
+++ trunk/libselinux/ChangeLog 2008-04-18 13:48:24 UTC (rev 2862)
@@ -1,3 +1,6 @@
+2.0.62 2008-04-18
+ * Fix memory leaks in matchpathcon from Eamon Walsh.
+
2.0.61 2008-03-31
* Man page typo fix from Jim Meyering.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2008-04-18 13:47:18 UTC (rev 2861)
+++ trunk/libselinux/VERSION 2008-04-18 13:48:24 UTC (rev 2862)
@@ -1 +1 @@
-2.0.61
+2.0.62
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-31 14:22:41
|
Revision: 2860
http://selinux.svn.sourceforge.net/selinux/?rev=2860&view=rev
Author: ssmalley
Date: 2008-03-31 07:22:40 -0700 (Mon, 31 Mar 2008)
Log Message:
-----------
updated libselinux to version 2.0.61
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2008-03-31 14:21:13 UTC (rev 2859)
+++ trunk/libselinux/ChangeLog 2008-03-31 14:22:40 UTC (rev 2860)
@@ -1,3 +1,6 @@
+2.0.61 2008-03-31
+ * Man page typo fix from Jim Meyering.
+
2.0.60 2008-03-20
* Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2008-03-31 14:21:13 UTC (rev 2859)
+++ trunk/libselinux/VERSION 2008-03-31 14:22:40 UTC (rev 2860)
@@ -1 +1 @@
-2.0.60
+2.0.61
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-31 14:21:16
|
Revision: 2859
http://selinux.svn.sourceforge.net/selinux/?rev=2859&view=rev
Author: ssmalley
Date: 2008-03-31 07:21:13 -0700 (Mon, 31 Mar 2008)
Log Message:
-----------
Author: Jim Meyering
Email: ji...@me...
Subject: doc typo fix: s/behaviors/behavior/
Date: Sat, 29 Mar 2008 19:23:35 +0100
Here's a tiny typo fix:
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libselinux/man/man3/getexeccon.3
trunk/libselinux/man/man3/getfscreatecon.3
Modified: trunk/libselinux/man/man3/getexeccon.3
===================================================================
--- trunk/libselinux/man/man3/getexeccon.3 2008-03-24 20:19:06 UTC (rev 2858)
+++ trunk/libselinux/man/man3/getexeccon.3 2008-03-31 14:21:13 UTC (rev 2859)
@@ -34,7 +34,7 @@
Note: Signal handlers that perform an execve must take care to
-save, reset, and restore the exec context to avoid unexpected behaviors.
+save, reset, and restore the exec context to avoid unexpected behavior.
.B rpm_execcon
Modified: trunk/libselinux/man/man3/getfscreatecon.3
===================================================================
--- trunk/libselinux/man/man3/getfscreatecon.3 2008-03-24 20:19:06 UTC (rev 2858)
+++ trunk/libselinux/man/man3/getfscreatecon.3 2008-03-31 14:21:13 UTC (rev 2859)
@@ -29,7 +29,7 @@
Note: Signal handlers that perform an setfscreate must take care to
-save, reset, and restore the fscreate context to avoid unexpected behaviors.
+save, reset, and restore the fscreate context to avoid unexpected behavior.
.SH "RETURN VALUE"
On error -1 is returned.
On success 0 is returned.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-24 20:19:10
|
Revision: 2858
http://selinux.svn.sourceforge.net/selinux/?rev=2858&view=rev
Author: ssmalley
Date: 2008-03-24 13:19:06 -0700 (Mon, 24 Mar 2008)
Log Message:
-----------
updated checkpolicy to version 2.0.14
Modified Paths:
--------------
trunk/checkpolicy/ChangeLog
trunk/checkpolicy/VERSION
Modified: trunk/checkpolicy/ChangeLog
===================================================================
--- trunk/checkpolicy/ChangeLog 2008-03-24 20:18:43 UTC (rev 2857)
+++ trunk/checkpolicy/ChangeLog 2008-03-24 20:19:06 UTC (rev 2858)
@@ -1,3 +1,6 @@
+2.0.14 2008-03-24
+ * Add permissive domain support from Eric Paris.
+
2.0.13 2008-03-05
* Split out non-grammar parts of policy_parse.yacc into
policy_define.c and policy_define.h from Todd C. Miller.
Modified: trunk/checkpolicy/VERSION
===================================================================
--- trunk/checkpolicy/VERSION 2008-03-24 20:18:43 UTC (rev 2857)
+++ trunk/checkpolicy/VERSION 2008-03-24 20:19:06 UTC (rev 2858)
@@ -1 +1 @@
-2.0.13
+2.0.14
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-24 20:19:05
|
Revision: 2856
http://selinux.svn.sourceforge.net/selinux/?rev=2856&view=rev
Author: ssmalley
Date: 2008-03-24 13:18:16 -0700 (Mon, 24 Mar 2008)
Log Message:
-----------
Author: Eric Paris
Email: ep...@re...
Subject: checkpolicy: support for permissive types
Date: Mon, 24 Mar 2008 10:11:20 -0400
This patch adds support for permissive domains.
A very simple module to make httpd_t a permissive domain would be:
policy_module(permissiveapache, 1.0)
gen_require(`
type httpd_t;
')
permissive httpd_t;
Obviously this syntax can be used in both the base policy and in a
policy module.
Signed-off-by: Eric Paris <ep...@re...>
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/checkpolicy/policy_define.c
trunk/checkpolicy/policy_define.h
trunk/checkpolicy/policy_parse.y
trunk/checkpolicy/policy_scan.l
trunk/checkpolicy/test/dismod.c
trunk/checkpolicy/test/dispol.c
Modified: trunk/checkpolicy/policy_define.c
===================================================================
--- trunk/checkpolicy/policy_define.c 2008-03-24 20:17:15 UTC (rev 2855)
+++ trunk/checkpolicy/policy_define.c 2008-03-24 20:18:16 UTC (rev 2856)
@@ -195,6 +195,49 @@
return -1;
}
+int define_permissive(void)
+{
+ char *type = NULL;
+ struct type_datum *t;
+ int rc = 0;
+
+ type = queue_remove(id_queue);
+
+ if (!type) {
+ yyerror2("forgot to include type in permissive definition?");
+ rc = -1;
+ goto out;
+ }
+
+ if (pass == 1)
+ goto out;
+
+ if (!is_id_in_scope(SYM_TYPES, type)) {
+ yyerror2("type %s is not within scope", type);
+ rc = -1;
+ goto out;
+ }
+
+ t = hashtab_search(policydbp->p_types.table, type);
+ if (!t) {
+ yyerror2("type is not defined: %s", type);
+ rc = -1;
+ goto out;
+ }
+
+ if (t->flavor == TYPE_ATTRIB) {
+ yyerror2("attributes may not be permissive: %s\n", type);
+ rc = -1;
+ goto out;
+ }
+
+ t->flags |= TYPE_FLAGS_PERMISSIVE;
+
+out:
+ free(type);
+ return rc;
+}
+
int define_polcap(void)
{
char *id = 0;
Modified: trunk/checkpolicy/policy_define.h
===================================================================
--- trunk/checkpolicy/policy_define.h 2008-03-24 20:17:15 UTC (rev 2855)
+++ trunk/checkpolicy/policy_define.h 2008-03-24 20:18:16 UTC (rev 2856)
@@ -36,6 +36,7 @@
int define_ipv6_node_context(void);
int define_level(void);
int define_netif_context(void);
+int define_permissive(void);
int define_polcap(void);
int define_port_context(unsigned int low, unsigned int high);
int define_range_trans(int class_specified);
Modified: trunk/checkpolicy/policy_parse.y
===================================================================
--- trunk/checkpolicy/policy_parse.y 2008-03-24 20:17:15 UTC (rev 2855)
+++ trunk/checkpolicy/policy_parse.y 2008-03-24 20:18:16 UTC (rev 2856)
@@ -135,6 +135,7 @@
%token IPV6_ADDR
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
%token POLICYCAP
+%token PERMISSIVE
%left OR
%left XOR
@@ -261,6 +262,7 @@
| transition_def
| range_trans_def
| te_avtab_def
+ | permissive_def
;
attribute_def : ATTRIBUTE identifier ';'
{ if (define_attrib()) return -1;}
@@ -706,6 +708,8 @@
policycap_def : POLICYCAP identifier ';'
{if (define_polcap()) return -1;}
;
+permissive_def : PERMISSIVE identifier ';'
+ {if (define_permissive()) return -1;}
/*********** module grammar below ***********/
Modified: trunk/checkpolicy/policy_scan.l
===================================================================
--- trunk/checkpolicy/policy_scan.l 2008-03-24 20:17:15 UTC (rev 2855)
+++ trunk/checkpolicy/policy_scan.l 2008-03-24 20:18:16 UTC (rev 2856)
@@ -202,7 +202,9 @@
h2 |
H2 { return(H2); }
policycap |
-POLICYCAP { return(POLICYCAP);}
+POLICYCAP { return(POLICYCAP); }
+permissive |
+PERMISSIVE { return(PERMISSIVE); }
"/"({alnum}|[_.-/])* { return(PATH); }
{letter}({alnum}|[_-])*([.]?({alnum}|[_-]))* { return(IDENTIFIER); }
{digit}+ { return(NUMBER); }
Modified: trunk/checkpolicy/test/dismod.c
===================================================================
--- trunk/checkpolicy/test/dismod.c 2008-03-24 20:17:15 UTC (rev 2855)
+++ trunk/checkpolicy/test/dismod.c 2008-03-24 20:18:16 UTC (rev 2856)
@@ -323,7 +323,7 @@
fprintf(fp, "alias for type");
display_id(&policydb, fp, SYM_TYPES, type->s.value - 1, "");
}
- fprintf(fp, "\n");
+ fprintf(fp, " flags:%x\n", type->flags);
return 0;
}
Modified: trunk/checkpolicy/test/dispol.c
===================================================================
--- trunk/checkpolicy/test/dispol.c 2008-03-24 20:17:15 UTC (rev 2855)
+++ trunk/checkpolicy/test/dispol.c 2008-03-24 20:18:16 UTC (rev 2856)
@@ -319,6 +319,28 @@
}
}
+static void display_id(policydb_t *p, FILE *fp, uint32_t symbol_type,
+ uint32_t symbol_value, char *prefix)
+{
+ char *id = p->sym_val_to_name[symbol_type][symbol_value];
+ fprintf(fp, " %s%s", prefix, id);
+}
+
+static void display_permissive(policydb_t *p, FILE *fp)
+{
+ ebitmap_node_t *node;
+ int i;
+
+ fprintf(fp, "permissive sids:\n");
+ ebitmap_for_each_bit(&p->permissive_map, node, i) {
+ if (ebitmap_node_get_bit(node, i)) {
+ fprintf(fp, "\t");
+ display_id(p, fp, SYM_TYPES, i - 1, "");
+ fprintf(fp, "\n");
+ }
+ }
+}
+
int menu()
{
printf("\nSelect a command:\n");
@@ -331,6 +353,7 @@
printf("7) change a boolean value\n");
printf("\n");
printf("c) display policy capabilities\n");
+ printf("p) display the list of permissive types\n");
printf("u) display unknown handling setting\n");
printf("f) set output file\n");
printf("m) display menu\n");
@@ -447,6 +470,9 @@
case 'c':
display_policycaps(&policydb, out_fp);
break;
+ case 'p':
+ display_permissive(&policydb, out_fp);
+ break;
case 'u':
case 'U':
display_handle_unknown(&policydb, out_fp);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-24 20:18:45
|
Revision: 2857
http://selinux.svn.sourceforge.net/selinux/?rev=2857&view=rev
Author: ssmalley
Date: 2008-03-24 13:18:43 -0700 (Mon, 24 Mar 2008)
Log Message:
-----------
updated libsepol to version 2.0.26
Modified Paths:
--------------
trunk/libsepol/ChangeLog
trunk/libsepol/VERSION
Modified: trunk/libsepol/ChangeLog
===================================================================
--- trunk/libsepol/ChangeLog 2008-03-24 20:18:16 UTC (rev 2856)
+++ trunk/libsepol/ChangeLog 2008-03-24 20:18:43 UTC (rev 2857)
@@ -1,3 +1,6 @@
+2.0.26 2008-03-24
+ * Add permissive domain support from Eric Paris.
+
2.0.25 2008-03-04
* Drop unused ->buffer field from struct policy_file.
Modified: trunk/libsepol/VERSION
===================================================================
--- trunk/libsepol/VERSION 2008-03-24 20:18:16 UTC (rev 2856)
+++ trunk/libsepol/VERSION 2008-03-24 20:18:43 UTC (rev 2857)
@@ -1 +1 @@
-2.0.25
+2.0.26
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-24 20:18:08
|
Revision: 2855
http://selinux.svn.sourceforge.net/selinux/?rev=2855&view=rev
Author: ssmalley
Date: 2008-03-24 13:17:15 -0700 (Mon, 24 Mar 2008)
Log Message:
-----------
Author: Eric Paris
Email: ep...@re...
Subject: libsepol: add permissive domain support
Date: Mon, 24 Mar 2008 09:51:37 -0400
This patch adds support for permissive types.
In the kernel policy format the permissive types are in a bitmap
referenced by the type value.
In the module policy format a new field in the type_datum_t called
'flags' was added. The only currently defined flag is
TYPE_FLAGS_PERMISSIVE.
Checkpolicy can set the permissive flag on the type_datum_t in question
and that flag will persist on disk. It will be OR'd at link time
against the type in the base policy. At expand time we build the bit
array the kernel uses.
Signed-off-by: Eric Paris <ep...@re...>
Acked-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libsepol/include/sepol/policydb/policydb.h
trunk/libsepol/src/expand.c
trunk/libsepol/src/link.c
trunk/libsepol/src/policydb.c
trunk/libsepol/src/write.c
Modified: trunk/libsepol/include/sepol/policydb/policydb.h
===================================================================
--- trunk/libsepol/include/sepol/policydb/policydb.h 2008-03-20 19:01:26 UTC (rev 2854)
+++ trunk/libsepol/include/sepol/policydb/policydb.h 2008-03-24 20:17:15 UTC (rev 2855)
@@ -143,6 +143,8 @@
#define TYPE_ALIAS 2 /* alias in modular policy */
uint32_t flavor;
ebitmap_t types; /* types with this attribute */
+#define TYPE_FLAGS_PERMISSIVE 0x01
+ uint32_t flags;
} type_datum_t;
/* User attributes */
@@ -470,6 +472,10 @@
ebitmap_t policycaps;
+ /* this bitmap is referenced by type NOT the typical type-1 used in other
+ bitmaps. Someday the 0 bit may be used for global permissive */
+ ebitmap_t permissive_map;
+
unsigned policyvers;
unsigned handle_unknown;
@@ -588,10 +594,11 @@
#define POLICYDB_VERSION_AVTAB 20
#define POLICYDB_VERSION_RANGETRANS 21
#define POLICYDB_VERSION_POLCAP 22
+#define POLICYDB_VERSION_PERMISSIVE 23
/* Range of policy versions we understand*/
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
-#define POLICYDB_VERSION_MAX POLICYDB_VERSION_POLCAP
+#define POLICYDB_VERSION_MAX POLICYDB_VERSION_PERMISSIVE
/* Module versions and specific changes*/
#define MOD_POLICYDB_VERSION_BASE 4
@@ -600,9 +607,10 @@
#define MOD_POLICYDB_VERSION_RANGETRANS 6
#define MOD_POLICYDB_VERSION_MLS_USERS 6
#define MOD_POLICYDB_VERSION_POLCAP 7
+#define MOD_POLICYDB_VERSION_PERMISSIVE 8
#define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_POLCAP
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_PERMISSIVE
#define POLICYDB_CONFIG_MLS 1
Modified: trunk/libsepol/src/expand.c
===================================================================
--- trunk/libsepol/src/expand.c 2008-03-20 19:01:26 UTC (rev 2854)
+++ trunk/libsepol/src/expand.c 2008-03-24 20:17:15 UTC (rev 2855)
@@ -92,6 +92,7 @@
memset(new_type, 0, sizeof(type_datum_t));
new_type->flavor = type->flavor;
+ new_type->flags = type->flags;
new_type->s.value = ++state->out->p_types.nprim;
if (new_type->s.value > UINT16_MAX) {
free(new_id);
@@ -112,6 +113,12 @@
return -1;
}
+ if (new_type->flags & TYPE_FLAGS_PERMISSIVE)
+ if (ebitmap_set_bit(&state->out->permissive_map, new_type->s.value, 1)) {
+ ERR(state->handle, "Out of memory!\n");
+ return -1;
+ }
+
return 0;
}
@@ -480,6 +487,8 @@
else
assert(0); /* unreachable */
+ new_alias->flags = alias->flags;
+
ret = hashtab_insert(state->out->p_types.table,
(hashtab_key_t) new_id,
(hashtab_datum_t) new_alias);
@@ -492,6 +501,13 @@
}
state->typemap[alias->s.value - 1] = new_alias->s.value;
+
+ if (new_alias->flags & TYPE_FLAGS_PERMISSIVE)
+ if (ebitmap_set_bit(&state->out->permissive_map, new_alias->s.value, 1)) {
+ ERR(state->handle, "Out of memory!");
+ return -1;
+ }
+
return 0;
}
Modified: trunk/libsepol/src/link.c
===================================================================
--- trunk/libsepol/src/link.c 2008-03-20 19:01:26 UTC (rev 2854)
+++ trunk/libsepol/src/link.c 2008-03-24 20:17:15 UTC (rev 2855)
@@ -405,6 +405,8 @@
state->cur_mod_name, id);
return -1;
}
+ /* permissive should pass to the base type */
+ base_type->flags |= (type->flags & TYPE_FLAGS_PERMISSIVE);
} else {
if (state->verbose)
INFO(state->handle, "copying type %s", id);
@@ -418,6 +420,7 @@
goto cleanup;
}
new_type->primary = type->primary;
+ new_type->flags = type->flags;
new_type->flavor = type->flavor;
/* for attributes, the writing of new_type->types is
done in type_fix_callback() */
@@ -441,6 +444,7 @@
}
new_type->primary = type->primary;
new_type->flavor = type->flavor;
+ new_type->flags = type->flags;
new_type->s.value = base_type->s.value;
if ((new_id = strdup(id)) == NULL) {
goto cleanup;
@@ -702,6 +706,8 @@
return -1;
}
+ target_type->flags |= (type->flags & TYPE_FLAGS_PERMISSIVE);
+
base_type = hashtab_search(state->base->p_types.table, id);
if (base_type == NULL) {
if (state->verbose)
@@ -713,6 +719,7 @@
}
/* the linked copy always has TYPE_ALIAS style aliases */
new_type->primary = target_type->s.value;
+ new_type->flags = target_type->flags;
new_type->flavor = TYPE_ALIAS;
new_type->s.value = state->base->p_types.nprim + 1;
if ((new_id = strdup(id)) == NULL) {
@@ -747,6 +754,7 @@
base_type->flavor = TYPE_ALIAS;
base_type->primary = target_type->s.value;
+ base_type->flags |= (target_type->flags & TYPE_FLAGS_PERMISSIVE);
}
/* the aliases map points from its value to its primary so when this module
Modified: trunk/libsepol/src/policydb.c
===================================================================
--- trunk/libsepol/src/policydb.c 2008-03-20 19:01:26 UTC (rev 2854)
+++ trunk/libsepol/src/policydb.c 2008-03-24 20:17:15 UTC (rev 2855)
@@ -105,6 +105,12 @@
.ocon_num = OCON_NODE6 + 1,
},
{
+ .type = POLICY_KERN,
+ .version = POLICYDB_VERSION_PERMISSIVE,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
.type = POLICY_BASE,
.version = MOD_POLICYDB_VERSION_BASE,
.sym_num = SYM_NUM,
@@ -129,6 +135,12 @@
.ocon_num = OCON_NODE6 + 1,
},
{
+ .type = POLICY_BASE,
+ .version = MOD_POLICYDB_VERSION_PERMISSIVE,
+ .sym_num = SYM_NUM,
+ .ocon_num = OCON_NODE6 + 1,
+ },
+ {
.type = POLICY_MOD,
.version = MOD_POLICYDB_VERSION_BASE,
.sym_num = SYM_NUM,
@@ -150,7 +162,14 @@
.type = POLICY_MOD,
.version = MOD_POLICYDB_VERSION_POLCAP,
.sym_num = SYM_NUM,
- .ocon_num = 0},
+ .ocon_num = 0
+ },
+ {
+ .type = POLICY_MOD,
+ .version = MOD_POLICYDB_VERSION_PERMISSIVE,
+ .sym_num = SYM_NUM,
+ .ocon_num = 0
+ },
};
#if 0
@@ -467,6 +486,8 @@
ebitmap_init(&p->policycaps);
+ ebitmap_init(&p->permissive_map);
+
for (i = 0; i < SYM_NUM; i++) {
p->sym_val_to_name[i] = NULL;
rc = symtab_init(&p->symtab[i], symtab_sizes[i]);
@@ -992,6 +1013,8 @@
ebitmap_destroy(&p->policycaps);
+ ebitmap_destroy(&p->permissive_map);
+
symtabs_destroy(p->symtab);
for (i = 0; i < SYM_NUM; i++) {
@@ -1907,19 +1930,22 @@
{
char *key = 0;
type_datum_t *typdatum;
- uint32_t buf[4];
+ uint32_t buf[5];
size_t len;
- int rc;
+ int rc, to_read;
typdatum = calloc(1, sizeof(type_datum_t));
if (!typdatum)
return -1;
- if (p->policy_type == POLICY_KERN) {
- rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
- } else {
- rc = next_entry(buf, fp, sizeof(uint32_t) * 4);
- }
+ if (p->policy_type == POLICY_KERN)
+ to_read = 3;
+ else if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
+ to_read = 5;
+ else
+ to_read = 4;
+
+ rc = next_entry(buf, fp, sizeof(uint32_t) * to_read);
if (rc < 0)
goto bad;
@@ -1928,6 +1954,8 @@
typdatum->primary = le32_to_cpu(buf[2]);
if (p->policy_type != POLICY_KERN) {
typdatum->flavor = le32_to_cpu(buf[3]);
+ if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
+ typdatum->flags = le32_to_cpu(buf[4]);
if (ebitmap_read(&typdatum->types, fp))
goto bad;
}
@@ -3157,6 +3185,12 @@
goto bad;
}
+ if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
+ p->policy_type == POLICY_KERN) {
+ if (ebitmap_read(&p->permissive_map, fp))
+ goto bad;
+ }
+
for (i = 0; i < info->sym_num; i++) {
rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
if (rc < 0)
Modified: trunk/libsepol/src/write.c
===================================================================
--- trunk/libsepol/src/write.c 2008-03-20 19:01:26 UTC (rev 2854)
+++ trunk/libsepol/src/write.c 2008-03-24 20:17:15 UTC (rev 2855)
@@ -959,6 +959,12 @@
buf[items++] = cpu_to_le32(typdatum->primary);
if (p->policy_type != POLICY_KERN) {
buf[items++] = cpu_to_le32(typdatum->flavor);
+ if (p->policyvers >= MOD_POLICYDB_VERSION_PERMISSIVE)
+ buf[items++] = cpu_to_le32(typdatum->flags);
+ else if (typdatum->flags & TYPE_FLAGS_PERMISSIVE)
+ WARN(fp->handle, "Warning! Module policy version %d cannnot "
+ "support permissive types, but one was defined",
+ p->policyvers);
}
items2 = put_entry(buf, sizeof(uint32_t), items, fp);
if (items != items2)
@@ -1618,6 +1624,27 @@
return POLICYDB_ERROR;
}
+ if (p->policyvers < POLICYDB_VERSION_PERMISSIVE &&
+ p->policy_type == POLICY_KERN) {
+ ebitmap_node_t *tnode;
+ unsigned int i;
+
+ ebitmap_for_each_bit(&p->permissive_map, tnode, i) {
+ if (ebitmap_node_get_bit(tnode, i)) {
+ WARN(fp->handle, "Warning! Policy version %d cannot "
+ "support permissive types, but some were defined",
+ p->policyvers);
+ break;
+ }
+ }
+ }
+
+ if (p->policyvers >= POLICYDB_VERSION_PERMISSIVE &&
+ p->policy_type == POLICY_KERN) {
+ if (ebitmap_write(&p->permissive_map, fp) == -1)
+ return POLICYDB_ERROR;
+ }
+
num_syms = info->sym_num;
for (i = 0; i < num_syms; i++) {
buf[0] = cpu_to_le32(p->symtab[i].nprim);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-20 20:01:15
|
Revision: 2853
http://selinux.svn.sourceforge.net/selinux/?rev=2853&view=rev
Author: ssmalley
Date: 2008-03-20 11:59:05 -0700 (Thu, 20 Mar 2008)
Log Message:
-----------
Author: Stephen Smalley
Email: sd...@ty...
Subject: libselinux: don't warn about failed selinuxfs mount if selinux disabled
Date: Wed, 19 Mar 2008 09:12:20 -0400
Do not warn about a failed mount of selinuxfs if selinux was disabled
in the kernel (either at compile-time or at boot via selinux=0).
Based on a diff in the Debian libselinux package, reformatted for coding style.
Signed-off-by: Stephen Smalley <sd...@ty...>
Modified Paths:
--------------
trunk/libselinux/src/load_policy.c
Modified: trunk/libselinux/src/load_policy.c
===================================================================
--- trunk/libselinux/src/load_policy.c 2008-03-18 20:36:20 UTC (rev 2852)
+++ trunk/libselinux/src/load_policy.c 2008-03-20 18:59:05 UTC (rev 2853)
@@ -369,8 +369,11 @@
* commandline enforcing setting.
*/
*enforce = 0;
+ } else {
+ /* Only emit this error if selinux was not disabled */
+ fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno));
}
- fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno));
+
goto noload;
}
set_selinuxmnt(SELINUXMNT);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-20 19:02:18
|
Revision: 2854
http://selinux.svn.sourceforge.net/selinux/?rev=2854&view=rev
Author: ssmalley
Date: 2008-03-20 12:01:26 -0700 (Thu, 20 Mar 2008)
Log Message:
-----------
updated libselinux to version 2.0.60
Modified Paths:
--------------
trunk/libselinux/ChangeLog
trunk/libselinux/VERSION
Modified: trunk/libselinux/ChangeLog
===================================================================
--- trunk/libselinux/ChangeLog 2008-03-20 18:59:05 UTC (rev 2853)
+++ trunk/libselinux/ChangeLog 2008-03-20 19:01:26 UTC (rev 2854)
@@ -1,3 +1,6 @@
+2.0.60 2008-03-20
+ * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
+
2.0.59 2008-02-29
* Merged new X label "poly_selection" namespace from Eamon Walsh.
Modified: trunk/libselinux/VERSION
===================================================================
--- trunk/libselinux/VERSION 2008-03-20 18:59:05 UTC (rev 2853)
+++ trunk/libselinux/VERSION 2008-03-20 19:01:26 UTC (rev 2854)
@@ -1 +1 @@
-2.0.59
+2.0.60
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-18 20:36:22
|
Revision: 2852
http://selinux.svn.sourceforge.net/selinux/?rev=2852&view=rev
Author: ssmalley
Date: 2008-03-18 13:36:20 -0700 (Tue, 18 Mar 2008)
Log Message:
-----------
updated policycoreutils to version 2.0.46
Modified Paths:
--------------
trunk/policycoreutils/ChangeLog
trunk/policycoreutils/VERSION
Modified: trunk/policycoreutils/ChangeLog
===================================================================
--- trunk/policycoreutils/ChangeLog 2008-03-18 20:35:33 UTC (rev 2851)
+++ trunk/policycoreutils/ChangeLog 2008-03-18 20:36:20 UTC (rev 2852)
@@ -1,3 +1,6 @@
+2.0.46 2008-03-18
+ * Update audit2allow to report dontaudit cases from Dan Walsh.
+
2.0.45 2008-03-18
* Fix semanage port to use --proto from Caleb Case.
Modified: trunk/policycoreutils/VERSION
===================================================================
--- trunk/policycoreutils/VERSION 2008-03-18 20:35:33 UTC (rev 2851)
+++ trunk/policycoreutils/VERSION 2008-03-18 20:36:20 UTC (rev 2852)
@@ -1 +1 @@
-2.0.45
+2.0.46
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
|
From: <ssm...@us...> - 2008-03-18 20:35:35
|
Revision: 2851
http://selinux.svn.sourceforge.net/selinux/?rev=2851&view=rev
Author: ssmalley
Date: 2008-03-18 13:35:33 -0700 (Tue, 18 Mar 2008)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: Audit2allow/audit2why patch for policycoreutils.
Date: Tue, 18 Mar 2008 11:27:06 -0400
Reveals dontaudit rules in policy.
Modified Paths:
--------------
trunk/policycoreutils/audit2allow/audit2allow
Modified: trunk/policycoreutils/audit2allow/audit2allow
===================================================================
--- trunk/policycoreutils/audit2allow/audit2allow 2008-03-18 20:28:49 UTC (rev 2850)
+++ trunk/policycoreutils/audit2allow/audit2allow 2008-03-18 20:35:33 UTC (rev 2851)
@@ -247,6 +247,11 @@
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
continue
+ if rc == audit2why.DONTAUDIT:
+ print "\t\tUnknown - should be dontaudit'd by active policy\n",
+ print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
+ print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
+ continue
if rc == audit2why.BOOLEAN:
if len(bools) > 1:
print "\tOne of the following booleans was set incorrectly."
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
